I swear the digressions will be the death of me yet!

I've been reading up on route-maps and policy routing. Got to thinking about
something one of my associates at work said to me. He likes to use policy
routing as a means of securing networks in extranet situations. You know -
central site sells services to a number of unrelated partners. Sometimes
even internet access. Of course, one can't allow customer A to see customer
B's network, and vice versa. But both A and B should get to a particular
service, be that a database, a server, internet access, or whatever.

So my comrade throws in policy routing. Source addresses from whatever
interface or source address are only permitted to proceed out a particular
interface or to a particular destination IP.

Sounds good on the surface. The question I have is the risk, particularly
from spoofed addresses. I suppose that matching the source interface
eliminates the address issue. Still, I gotta wonder....  My associate says
this isn't an issue and that I worry too much.

Anyone have any thoughts?

Chuck
----------------------
I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
it has been is over ( if you hope to pass ) From this time forward, you will
study US!
( apologies to the folks at Star Trek TNG )

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
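
An added sketch, not part of the original post: a small Python model of the extranet design described above, with the policy bound to the ingress interface. It assumes that a packet the policy does not match falls back to ordinary destination-based routing unless something explicitly drops it; all interface names and addresses are constructed.

```python
import ipaddress

# Constructed topology (all names and addresses are made up for this sketch).
ROUTES = {                      # ordinary destination-based routing table
    "10.1.0.0/16": "to-partner-A",
    "10.2.0.0/16": "to-partner-B",
    "192.0.2.0/24": "to-service",
}
# Policy bound to the ingress interface: (source prefix, destination prefix, egress)
POLICY = {
    "from-partner-A": ("10.1.0.0/16", "192.0.2.0/24", "to-service"),
    "from-partner-B": ("10.2.0.0/16", "192.0.2.0/24", "to-service"),
}

def within(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def route_lookup(dst):
    """Longest-prefix match on the destination only; the source is ignored."""
    hits = [p for p in ROUTES if within(dst, p)]
    if not hits:
        return "drop"
    return ROUTES[max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)]

def forward(in_if, src, dst, on_miss="route"):
    """Return the egress interface, or "drop".

    on_miss="route": packets the policy does not match use the routing table.
    on_miss="drop":  packets the policy does not match are discarded.
    """
    src_pfx, dst_pfx, egress = POLICY[in_if]
    if within(src, src_pfx) and within(dst, dst_pfx):
        return egress
    return route_lookup(dst) if on_miss == "route" else "drop"

def audit(on_miss):
    """Run three constructed packets arriving on partner A's interface."""
    packets = {
        "legit":        ("10.1.5.5", "192.0.2.10"),
        "a-to-b":       ("10.1.5.5", "10.2.0.9"),
        "spoofed-as-b": ("10.2.7.7", "10.2.0.9"),
    }
    return {name: forward("from-partner-A", s, d, on_miss)
            for name, (s, d) in packets.items()}

if __name__ == "__main__":
    for mode in ("route", "drop"):
        print(mode, audit(mode))
```

In this model the interface binding keeps a spoofed source from inheriting the other partner's policy entry, but isolation between A and B only holds when unmatched traffic is dropped rather than routed.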
