[j-nsp] Firewall filter on IPSec tunnel

Matt Stevens matt at elevate.org
Wed Jan 28 13:17:33 EST 2009


Well, the fact that I'm terminating the tunnel helps. :-)

Basically, I want to apply an output filter on the tunnel interface to 
filter packets leaving the tunnel towards a local subnet.
-- 
matt


Stefan Fouant wrote:
> On Wed, Jan 28, 2009 at 1:06 PM, Matt Stevens <matt at elevate.org> wrote:
> 
>     Hello everyone.
> 
>     I'm trying to apply a filter to traffic that's entering a router via
>     an IPSec tunnel. It doesn't seem like applying the filter to the
>     services interfaces has any effect. I've thought about using the
>     from interface condition in the filter, but I have a fair number of
>     IPSec interfaces to apply this against which makes for a lot of
>     individual terms.
> 
>     Any suggestions?
>     -- 
>     matt
> 
>  
> And what kind of magic do you have that allows you to inspect traffic 
> that is encrypted?  ;)
>  
> Stefan

