[c-nsp] block TCP/UDP ports in GRE tunnel
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Feb 19 02:21:15 EST 2007
Vikas Sharma <mailto:vikassharmas at gmail.com> wrote on Monday, February
19, 2007 8:02 AM:
> Hi,
>
> Here the only problem is any packet with MTU size more than interface
> MTU will be dropped bcos of fregmentation. By default ACL does not
> allow fregmented packets.
Take a look at http://www.cisco.com/warp/public/105/acl_wp.html to see
how ACLs deal with fragmented packets. Maybe you can find a way to
achieve your goal, this highly depends on how your ACL looks like.
oli
>
> On 2/18/07, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
>
> Vikas Sharma <> wrote on Sunday, February 18, 2007 4:14 PM:
>
> > Hi,
> >
> > I have a query, is it possible to block specific TCP/UDP ports
in
> GRE > tunnel?
>
> applying an ACL to the tunnel interface doesn't work?
>
> oli
More information about the cisco-nsp
mailing list