[j-nsp] Issues with 7.2R1.7 and Firewall Filters
Rafal Szarecki (WA/EPO)
rafal.szarecki at ericsson.com
Tue Sep 13 12:22:46 EDT 2005
I do not see when firewall is applied....
on gre-1/2/0.0 or on other interface ?
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of
> Laura McDonnell
> Sent: Tuesday, September 13, 2005 11:46 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Issues with 7.2R1.7 and Firewall Filters
>
>
> I am currently setting up the configuration for a M7i router
> and have come
> across some difficulty with the firewall filters for GRE.
> I have configured them similar to cisco but when I look at
> the firewall logs
> I am seeing hits against the inbound filter but none against
> the outbound
> filter. When I remove the inbound filter all works fine. I
> am slightly
> confused at the configuration I should be using currently I have the
> following setup.
>
> Inbound
> term GRE {
> from {
> source-address {
> y/32;
> }
> destination-address {
> x/32;
> }
> protocol gre;
> }
> then {
> count GRE;
> log;
> accept;
>
> Outbound
> term GRE {
> from {
> source-address {
> x/32;
> }
> destination-address {
> y/32;
> }
> protocol gre;
> }
> then {
> count GRE;
> log;
> accept;
> }
>
> interfaces {
> gr-1/2/0 {
> unit 0 {
> description Tunnel;
> tunnel {
> source x;
> destination y;
> }
> family inet;
> }
>
> Can somebody please confirm my configs are correct and
> explain why I am not
> able to run the tunnel when I have this configured.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list