From: Scott Morris (swm@emanon.com)
Date: Sun Aug 21 2005 - 15:46:18 GMT-3
How about sending your firewall to me since you don't use it. :)
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Sunday, August 21, 2005 12:58 PM
To: 'Brant I. Stevens'; 'Sayeed Kachroo'; cciein2006@yahoo.com;
ccielab@groupstudy.com
Subject: RE: Routing updates through a firewall
How about a GRE tunnel through a VPN connection?
Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brant I. Stevens
Sent: Sunday, August 21, 2005 9:31 AM
To: Sayeed Kachroo; cciein2006@yahoo.com; ccielab@groupstudy.com
Subject: Re: Routing updates through a firewall
Correct me if I'm wrong, but doesn't using a GRE tunnel for such a purpose
basically negate using a firewall once you permit the GRE tunnel through it?
You would have to add ACLs to the GRE tunnel to permit/deny traffic as
desired, and if you weren't using a FW feature set, it would only give you
packet filtering, not stateful inspection.

BGP will give you the best path to a destination, but the specific traffic
type must be permitted through the firewall.
On 8/20/05 1:28 AM, "Sayeed Kachroo" <sayeedk@hotmail.com> wrote:
> Well, I think with redistribution you will lose BGP attributes; I don't
> think that is a good idea. How about using GRE? Pass the GRE traffic
> through the PIX.
>
> SK
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3