[nsp] NetFlow through a firewall?

Gert Doering gert at greenie.muc.de
Thu May 8 10:14:32 EDT 2003


Hi,

On Wed, May 07, 2003 at 09:56:55PM -0400, Temkin, David wrote:
> A couple of people suggested that, but that's making it *worse* - not
> better... I'd rather open a single application specific UDP port through my
> firewall than open an entire tunnel that if someone compromises the router
> can gain full access inside...

You can do both, of course.  Set up an IPSEC tunnel (that terminates on
the firewall) and filter the decapsulated packets.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de

