Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: GRE packets

  • From: Paul G. Donner
  • Date: Wed Jun 17 18:42:22 1998

At 03:23 PM 6/17/98 -0700, Danny McPherson wrote:
>
>Perhaps to combat this, unless I'm missing something, one could justifiably 
>deploy GRE filters with source & destination addresses of the exchange 
>subnets.  Filtering GRE in general seems nothing more than foolish.

Or the tunnel termination addresses, which while might be tighter, would
probably make the ACLs longer or more complex.

>
>-danny
>[snip] 
>(we certainly allow GRE packets and expect everyone else does, too)
>
>> This could kill IP-GRE VPNs indiscriminately.
>
>
>




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.