On Sat, Apr 21, 2007 at 02:32:22PM +0200, Gert Doering wrote: > > 7600/Sup720 will do "whatever you need", provided you use a different local > address for each "tunnel source" (if you have multiple tunnels on the > same local IP address, the hardware can't do the tunneling, and the CPU > is much slower).
But it won't verify the source address on GRE packets it receives, which makes it feasible to forge GRE packets without forging the source address, which in some configurations makes some attacks easier. That relevant in some situations and not in others ... -- Brett _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/