|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: GRE packets
At 03:23 PM 6/17/98 -0700, Danny McPherson wrote: > >Perhaps to combat this, unless I'm missing something, one could justifiably >deploy GRE filters with source & destination addresses of the exchange >subnets. Filtering GRE in general seems nothing more than foolish. Or the tunnel termination addresses, which while might be tighter, would probably make the ACLs longer or more complex. > >-danny >[snip] >(we certainly allow GRE packets and expect everyone else does, too) > >> This could kill IP-GRE VPNs indiscriminately. > > >
|