Good $daytime,
> Date: Tue, 6 Feb 2001 15:57:33 -0600
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [FW1] GRE Decoding
> We are looking to implement Cisco-Cisco Tunnels between sites that
> are connected via Frame Relay AND a FW-1 VPN tunnel. The reason
> being is that we can control routing decisions at each cisco by
> having the remote LAN available via a Frame Relay (128Mbs) and a T-1
> to the internet on each side with a VPN tunnel. It's hard to
> describe in brief in an email, but that's not the point....
Side note: there are other ways to peer non-adjacent Cisco routers.
If your only intent is to exchange routing data, you probably don't
need to encapsulate all traffic in between.
> The point is: with the Cisco to Cisco tunnel, it will encapsulate
> everything in GRE. So, in the FW logs, I will see GRE traffic from
> router to router, and not HTTP/FTP/Netbios/etc traffic from host to
> host. Does anybody know a way for the FW to decode that encapsulated
> packet when it writes into the logs. If everything is in GRE, it
> will minimize the ability of the FW logs for troubleshooting and
> management. It's not a show stopper, but I would like to know if
> it's possible.
That is why you'd better put VPNs _before_ and firewalls _after_
tunnels of any kind (assuming you're looking from outside :).
Regards,
Willy.
--
"No easy hope or lies | Vitaly "Willy the Pooh" Fedrushkov
Shall bring us to our goal, | Control Systems and Processes Division
But iron sacrifice | LUKOIL Company, Chelyabinsk Branch
Of Body, Will and Soul." | mailto:[EMAIL PROTECTED] +7 3512 620367
R.Kipling |