Re: [FW1] GRE Decoding
Good $daytime,

> Date: Tue, 6 Feb 2001 15:57:33 -0600
> From: [email protected]
> To: [email protected]
> Subject: [FW1] GRE Decoding

> We are looking to implement Cisco-Cisco Tunnels between sites that
> are connected via Frame Relay AND a FW-1 VPN tunnel. The reason
> being is that we can control routing decisions at each cisco by
> having the remote LAN available via a Frame Relay (128Mbs) and a T-1
> to the internet on each side with a VPN tunnel. It's hard to
> describe in brief in an email, but that's not the point....

Side note: there are other ways to peer non-adjacent Cisco routers.
If your only intent is to exchange routing data, you probably don't
need to encapsulate all traffic in between.

> The point is: with the Cisco to Cisco tunnel, it will encapsulate
> everything in GRE. So, in the FW logs, I will see GRE traffic from
> router to router, and not HTTP/FTP/Netbios/etc traffic from host to
> host. Does anybody know a way for the FW to decode that encapsulated
> packet when it writes into the logs? If everything is in GRE, it
> will minimize the ability of the FW logs for troubleshooting and
> management. It's not a show stopper, but I would like to know if
> it's possible.

That is why you'd better put VPNs _before_ and firewalls _after_
tunnels of any kind (assuming you're looking from outside :).

Regards,
Willy.

--
"No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
 Shall bring us to our goal, | Control Systems and Processes Division
 But iron sacrifice          | LUKOIL Company, Chelyabinsk Branch
 Of Body, Will and Soul."    | mailto:[email protected]  +7 3512 620367
                   R.Kipling |
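The logging problem discussed in this thread, as an added example that is not part of the original messages and not FW-1 functionality: a device that sees only the tunnel can record just the router-to-router GRE flow, and recovering the host-to-host flow means skipping the GRE header and parsing the inner IPv4 packet. The function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

GRE = 47  # IP protocol number for GRE

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[9], buf[ihl:]

def strip_gre(buf):
    """Skip a version-0 GRE header; return (ethertype, payload)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Optional 4-byte fields: checksum/offset (C or R bit), key (K), sequence (S).
    hdr = 4 + 4 * sum(bool(flags & bit) for bit in (0xC000, 0x2000, 0x1000))
    if len(buf) < hdr:
        raise ValueError("truncated GRE header")
    return ethertype, buf[hdr:]

def log_entry(packet):
    """Log record with the outer flow and, for GRE, the inner flow (TCP/UDP ports)."""
    src, dst, proto, payload = parse_ipv4(packet)
    entry = {"outer": (src, dst, proto)}
    if proto == GRE:
        ethertype, inner = strip_gre(payload)
        if ethertype == 0x0800:  # IPv4 inside the tunnel
            src, dst, proto, l4 = parse_ipv4(inner)
            ports = struct.unpack("!HH", l4[:4]) if proto in (6, 17) and len(l4) >= 4 else None
            entry["inner"] = (src, dst, proto, ports)
    return entry

def ipv4(src, dst, proto, payload):
    """Constructed sample data: minimal IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed packet: host 10.1.1.10 -> 10.2.2.20 port 80, tunnelled between two routers.
TCP = struct.pack("!HHIIHHHH", 49152, 80, 0, 0, 0x5002, 8192, 0, 0)
SAMPLE = ipv4("192.0.2.1", "198.51.100.1", GRE,
              struct.pack("!HH", 0, 0x0800) + ipv4("10.1.1.10", "10.2.2.20", 6, TCP))
print(log_entry(SAMPLE))
```

The `outer` tuple is all that a log written from the tunnel's point of view contains; the `inner` tuple is what becomes visible when the inspection point sits after decapsulation.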