17 Jun
1998
17 Jun
'98
6:23 p.m.
At 03:23 PM 6/17/98 -0700, Danny McPherson wrote:
Perhaps to combat this, unless I'm missing something, one could justifiably deploy GRE filters with source & destination addresses of the exchange subnets. Filtering GRE in general seems nothing more than foolish.
Or the tunnel termination addresses, which while might be tighter, would probably make the ACLs longer or more complex.
-danny [snip] (we certainly allow GRE packets and expect everyone else does, too)
This could kill IP-GRE VPNs indiscriminately.