[33157] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: RFC1918 addresses to permit in for VPN?

daemon@ATHENA.MIT.EDU (Stephen Stuart)
Sun Dec 31 23:42:03 2000

Message-Id: <200101010439.f014dwV06101@hi.tech.org>
To: Dana Hudes <dhudes@hudes.org>
Cc: nanog@merit.edu
In-reply-to: Your message of "Sun, 31 Dec 2000 22:32:51 EST."
             <Pine.LNX.4.30.0012312226450.1887-100000@harmony.hudes.org> 
Date: Sun, 31 Dec 2000 20:39:58 -0800
From: Stephen Stuart <stuart@mfnx.net>
Errors-To: owner-nanog-outgoing@merit.edu


> Implementation at the border with a peer is another matter. On cisco
> one would love to use ip verify unicast reverse path but that's not going
> to work because of asymmetric routes.

Have you looked at "ip verify unicast source reachable-via any"? YMMV
traffic-wise, but technology-wise it's supposed to address the
asymmetry issue.

Stephen


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[33157] in North American Network Operators' Group

Re: RFC1918 addresses to permit in for VPN?

daemon@ATHENA.MIT.EDU (Stephen Stuart)Sun Dec 31 23:42:03 2000

daemon@ATHENA.MIT.EDU (Stephen Stuart)
Sun Dec 31 23:42:03 2000