[j-nsp] When will ASM/ASPIC configuration gain prefix lists?
Michael Loftis
mloftis at wgops.com
Thu Mar 2 13:00:44 EST 2006
--On March 1, 2006 12:20:49 PM +0300 Alexander Tarkhov <karabass at gmail.com>
wrote:
> Hi Michael,
>
> Looks like you are trying to use the simplest way of configuring it.
> However there is a more complex way which is much more flexible.
> Try to look at service-filters
>
> [edit firewall family inet service-filter filter-name term term-name from]
>
> I think there you can reference prefix-list.
> Also you can take
> "then service" or "then skip"
> as an action for selected traffic.
Still requires a service set be assigned to the interface, making most/many
of my packets visit the ASM not once but twice. This is all part of the
filtering/stateless matching, not part of the stateful matching. It is an
idea as a workaround though with an empty service set.
>
> http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-service
> s/html/interface-config9.html
>
> Regards,
> Alex
More information about the juniper-nsp
mailing list