[j-nsp] Firewall filter on IPSec tunnel
Matt Stevens
matt at elevate.org
Wed Jan 28 13:32:39 EST 2009
I have no flows showing with stateful-firewall - although these tunnels
are fine, and carrying traffic.
--
matt
Nan Li wrote:
> Find all the flows, inbound or outbound, with the command:
>
> show services stateful-firewall flows
>
> Using an interface service, you need to manually allow inbound and outbound TCP
> or UDP packets by firewall matching.
>
> Make sure the packet flow is working on this interface; otherwise you
> can enable "establish-tunnel immediately" on both sides.
>
> Nan
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Matt Stevens
> Sent: Wednesday, January 28, 2009 10:07 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Firewall filter on IPSec tunnel
>
> Hello everyone.
>
> I'm trying to apply a filter to traffic that's entering a router via an
> IPSec tunnel. It doesn't seem like applying the filter to the services
> interfaces has any effect. I've thought about using the from interface
> condition in the filter, but I have a fair number of IPSec interfaces to
> apply this against which makes for a lot of individual terms.
>
> Any suggestions?