which firewall product?
- Subject: which firewall product?
- From: akennykant at gmail.com (Kenny Kant)
- Date: Mon, 5 Aug 2013 04:45:51 -0500
- In-reply-to: <CAP-guGV66EJebHOhkOuxAo7OcYbSt_Asa_nQSCysBdBQiq2eBw@mail.gmail.com>
- References: <CAP-guGV66EJebHOhkOuxAo7OcYbSt_Asa_nQSCysBdBQiq2eBw@mail.gmail.com>
If the tunnel is to be terminated on this firewall device, I would say look into a MikroTik box. Alternatively, you could make Cisco's IOS firewall / zone-based firewall do this. So look into an ISR?
Sent from my iPad
On Jul 30, 2013, at 3:00 PM, William Herrin <bill at herrin.us> wrote:
> Hi folks,
>
> I'm trying to identify a firewall appliance for one of my customers.
> The wrinkle is: it has to be able to inspect packets inside an IPIP
> tunnel and accept/reject based on IP address, TCP port number and
> standard things like that. On the packet carried *inside* the IPIP
> tunnel packet.
>
>
> From what I can tell, the Cisco ASA can't do this.
>
> Linux iptables can (with the u32 match module) but the customer wants
> an appliance, not a server.
>
> What appliances do you know of that can do this? Is there a different
> Cisco box? A Juniper firewall? Anything else?
>
> Thanks in advance,
> Bill Herrin
>
>
> --
> William D. Herrin ................ herrin at dirtside.com bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>
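
Added example, not part of either message above: a minimal Python sketch of the check the original question asks for, deciding accept/reject from the destination address and TCP port of the packet carried inside an IPIP (IP protocol 4) packet. The function names, policy values and sample packets are constructed for illustration; unlike a fixed-offset match, it honors the IHL of both headers and rejects fragments and truncated packets.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6

def ipv4_header(src, dst, proto, payload_len, ihl=5):
    """Build a constructed IPv4 header (checksum left 0) for the sample packets."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + payload_len,
                      0, 0, 64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + b"\x00" * ((ihl - 5) * 4)  # options padded with End-of-Options

def parse_ipv4(buf):
    """Return (proto, src, dst, payload); raise ValueError if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (buf[0] & 0x0F) * 4                    # header length in bytes
    total = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total < ihl or total > len(buf):
        raise ValueError("bad lengths")
    if struct.unpack("!H", buf[6:8])[0] & 0x3FFF:  # MF flag or nonzero offset
        raise ValueError("fragment")
    return (buf[9], ipaddress.IPv4Address(buf[12:16]),
            ipaddress.IPv4Address(buf[16:20]), buf[ihl:total])

def verdict(packet, allowed_dst_net, allowed_ports):
    """ACCEPT only IPIP packets whose inner packet is TCP to an allowed net/port."""
    try:
        proto, _, _, inner = parse_ipv4(packet)
        if proto != IPPROTO_IPIP:
            return "REJECT"                      # this policy covers tunnel traffic only
        proto, _, dst, seg = parse_ipv4(inner)   # second pass: the inner header
        if proto != IPPROTO_TCP or len(seg) < 4:
            return "REJECT"
        dport = struct.unpack("!H", seg[2:4])[0]
    except ValueError:
        return "REJECT"                          # fail closed on anything unparseable
    ok = dst in ipaddress.ip_network(allowed_dst_net) and dport in allowed_ports
    return "ACCEPT" if ok else "REJECT"

def sample(inner_dst, dport, inner_ihl=5):
    """Constructed IPIP packet: outer documentation addresses, inner TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    inner = ipv4_header("10.1.1.5", inner_dst, IPPROTO_TCP, len(tcp), inner_ihl) + tcp
    return ipv4_header("192.0.2.1", "198.51.100.1", IPPROTO_IPIP, len(inner)) + inner
```

A rule that assumes 20-byte headers would read the wrong bytes for the `inner_ihl=6` case; computing the offset from IHL is what keeps the verdict correct when IP options are present.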