[c-nsp] Routing packets between two VPNs terminating on the same PIX

Eric Pylko eric at infinitenetworks.us
Sun Jul 10 21:30:49 EDT 2005


> -----Original Message-----
> From: Crist Clark [mailto:crist.clark at globalstar.com]
> Sent: Tuesday, July 05, 2005 6:38 PM
> To: Eric Pylko
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Routing packets between two VPNs terminating on
> the same PIX
> 
> Eric Pylko wrote:
> >>On Fri, 1 Jul 2005, Matti Saarinen wrote:
> >>
> >>
> >>>>What problems have you found with 7.0??
> >>>
> >
> > I found one where if you enter a statement like:
> >
> >   static (inside,outside) 1.2.3.092 192.168.23.23
> >
> > it turns into this in the config file:
> >
> >   static (inside,outside) 1.2.3.84 192.168.23.23
> >
> > The problem seems to be with the leading 0 (it was in a spreadsheet for
> > sorting purposes).  It strangely looks like it thought 092 was octal.
> 
> That an octet in an IP address with a leading zero was treated as octal
> is a feature, not a bug, AFAIK. What is a bug is that it accepted '092'
> as an octal value. Not a lot of '9' digits in octal numbers. And that
> it turned '092' into '84' _really_ violates POLA (wouldn't it be
> 9 * 8 + 2 = 74?).

You're right.  The message I got back from Cisco was it is a legacy feature
borrowed from IOS.  There is an enhancement request open to see if this is
really necessary.

-Eric
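
A pre-flight check for the leading-zero case discussed in this thread, as an added example (not part of the original messages and not Cisco code). It reads each octet both as plain decimal and under the C-library `inet_aton` convention (leading `0` is octal, `0x` is hex) and rejects any address that is not in canonical dotted decimal; the function names and sample addresses are constructed, and the legacy reading is an assumption about this class of parser, not a description of the PIX parser.

```python
import re

HEX = re.compile(r"0[xX][0-9a-fA-F]+")
DIGITS = re.compile(r"[0-9]+")
OCTAL = re.compile(r"[0-7]+")

def read_octet(tok, legacy):
    """Value of one octet (0-255), or None if it is not valid in that reading.
    legacy=True applies inet_aton-style base prefixes (assumed convention)."""
    if legacy and HEX.fullmatch(tok):
        val = int(tok, 16)
    elif not DIGITS.fullmatch(tok):
        return None
    elif legacy and len(tok) > 1 and tok[0] == "0":
        if not OCTAL.fullmatch(tok):      # '092': 9 is not an octal digit
            return None
        val = int(tok, 8)
    else:
        val = int(tok, 10)
    return val if val <= 255 else None

def check_address(addr):
    """Return (status, decimal_reading, legacy_reading) for a four-part address.
    status is 'ok' only when the text is already canonical dotted decimal."""
    text = addr.strip()
    parts = text.split(".")
    if len(parts) != 4:                   # short forms are out of scope here
        return ("reject", None, None)

    def join(vals):
        return None if None in vals else ".".join(str(v) for v in vals)

    dec = join([read_octet(p, legacy=False) for p in parts])
    leg = join([read_octet(p, legacy=True) for p in parts])
    if dec is not None and dec == leg == text:
        return ("ok", dec, leg)
    return ("reject", dec, leg)

if __name__ == "__main__":
    # Constructed sample input, e.g. one spreadsheet column of addresses.
    for sample in ["1.2.3.92", "1.2.3.092", "1.2.3.012", "0x1.2.3.4", "1.2.3.256"]:
        status, dec, leg = check_address(sample)
        print(f"{sample:<12} {status:<7} decimal={dec} legacy={leg}")
```

Running the check over addresses before they are pasted into a `static` statement catches the zero-padded entries while the intended decimal value is still known.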



