Chuck,
As the area I work in is using this methodology, we are happy with it's traffic
separation and security. The implementation we use is one lot of traffic uses a gre
tunnel and policy mapping into and out of the tunnel at the ends.
Rob O'Brien
CCNA
Canberra Australia.
Chuck Larrieu wrote:
> I swear the digressions will be the death of me yet!
>
> I've been reading up on route-maps and policy routing. Got to thinking about
> something one of my associates at work said to me. He likes to use policy
> routing as a means of securing networks in extranet situations. You know -
> central site sells services to a number of unrelated partners. Sometimes
> even internet access. Of course, one can't allow customer A to see customer
> B's network, and visa versa. But both A and B should get to a particular
> service, be that a database, a server, internet access, or whatever.
>
> So my comrade throws in policy routing. Source addresses from whatever
> interface or source address are only permitted to proceed out a particular
> interface or to a particular destination IP.
>
> Sounds good on the surface. The question I have is the risk, particularly
> from spoofed addresses. I suppose that matching the source interface
> eliminates the address issue. Still, I gotta wonder.... My associate says
> this isn't an issue and that I worry too much.
>
> Anyone have any thoughts?
>
> Chuck
> ----------------------
> I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
> it has been is over ( if you hope to pass ) From this time forward, you will
> study US!
> ( apologies to the folks at Star Trek TNG )
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
