... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.dcom.vpn

VPN protocols, clients, awesomeness

2,348 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 1,650 of 2,348

Walter Roberson to Dimitri Petrovich

Re: GRE traffic over PIX IPSEC VPN

06 Jun 05 16:27:49

   XPost: comp.dcom.sys.cisco   
   From: roberson@ibd.nrc-cnrc.gc.ca   
      
   In article <42a47170_2@x-privat.org>,   
   Dimitri Petrovich  wrote:   
   :1. GRE traffic, it has an IP header?   
      
   Yes. And your PIX 515 running 6.3(4) is only able to handle IP traffic.   
   [You could update to PIX 7.0 if you needed to handle non-IP traffic.]   
      
   :is this a tcp data flow? or what?   
      
   It is not a tcp data flow, nor a udp data flow, nor icmp -- it is   
   it's own protocol at the same level as tcp and udp.   
      
   :2. Can PIX manage to VPN GRE TRAFFIC   
      
   Yes, that should be possible.   
      
   :or I need to specify permit gre any any   
   :in my ACL? Is GRE part of the generic "IP" statement in a PIX ACL for VPN?   
      
   GRE is part of IP and would be included if you had  permit ip   
      
   Note: GRE has no "port" and therefore cannot be used with Port Address   
   Translation (PAT).   
      
   --   
      "No one has the right to destroy another person's belief by   
      demanding empirical evidence."            -- Ann Landers   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]