[cisco-bba] isolate virtual access interfaces

Tassos Chatzithomaoglou achatz at forthnet.gr
Thu Jul 6 14:32:34 EDT 2006



Arie Vayner wrote on 6/7/2006 20:33:
> Tassos,
> 
> A few ideas:
> 
> 1. Configure an ACL in the vtemplate blocking all egress traffic with
> sources from the forbidden range.
> 

That seems an easy one.
I still wonder why i didn't think of this one before.

Thanks Arie ;)

--
Tassos

> 2. Configure a route-map for all traffic received over the ppp
> sessions, pointing all the traffic to an upstream firewall (which is
> next-hop of the LNS), and apply a similar policy as (1).
> 
> Arie
> CCIE#12198
> 
> On 7/6/06, Tassos Chatzithomaoglou <achatz at forthnet.gr> wrote:
>> Is there an easy way of making all the vpdn sessions terminating under 
>> a common vtemplate (through
>> l2tp) not to be able to see each other (but continue to have access to 
>> everywhere else)?
>>
>> -- 
>> Tassos
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba
>>
> 



More information about the cisco-bba mailing list