On Sat, Apr 21, 2007 at 02:32:22PM +0200, Gert Doering wrote:
>
> 7600/Sup720 will do "whatever you need", provided you use a different local
> address for each "tunnel source" (if you have multiple tunnels on the
> same local IP address, the hardware can't do the tunneling, and the CPU
> is much slower).
But it won't verify the source address on GRE packets it receives,
which makes it feasible to forge GRE packets without forging the source
address, which in some configurations makes some attacks easier. That
relevant in some situations and not in others ...
-- Brett
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
