[j-nsp] Firewall filter on IPSec tunnel
Nan Li
nan.li.juniper at gmail.com
Wed Jan 28 13:26:36 EST 2009
Find all the flows, inbound or outbound, with the command:
show services stateful-firewall flows
Using the interface service, you need to manually allow inbound and outbound TCP
or UDP packets by firewall matching.
Make sure the packet flow is working on this interface; otherwise you
can enable "establish-tunnel immediately" on both sides.
Nan
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Matt Stevens
Sent: Wednesday, January 28, 2009 10:07 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Firewall filter on IPSec tunnel
Hello everyone.
I'm trying to apply a filter to traffic that's entering a router via an
IPSec tunnel. It doesn't seem like applying the filter to the services
interfaces has any effect. I've thought about using the from interface
condition in the filter, but I have a fair number of IPSec interfaces to
apply this against which makes for a lot of individual terms.
Any suggestions?
--
matt
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp