[j-nsp] Firewall filter on IPSec tunnel
Matt Stevens
matt at elevate.org
Wed Jan 28 13:17:33 EST 2009
Well, the fact that I'm terminating the tunnel helps. :-)
Basically, I want to apply an output filter on the tunnel interface to
filter packets leaving the tunnel towards a local subnet.
--
matt
Stefan Fouant wrote:
> On Wed, Jan 28, 2009 at 1:06 PM, Matt Stevens <matt at elevate.org> wrote:
>
> Hello everyone.
>
> I'm trying to apply a filter to traffic that's entering a router via
> an IPSec tunnel. It doesn't seem like applying the filter to the
> services interfaces has any effect. I've thought about using the
> from interface condition in the filter, but I have a fair number of
> IPSec interfaces to apply this against which makes for a lot of
> individual terms.
>
> Any suggestions?
> --
> matt
>
>
> And what kind of magic do you have that allows you to inspect traffic
> that is encrypted? ;)
>
> Stefan