Hi everybody,
Being security addicted, I've set up the following:
A GRE tunnel between 2 routers (let's call them A and B). Each has its own loopback (LoA and LoB). Now, I've set an ip access-list on each interface permitting only LoA to reach LoB and vice versa. It worked. Now, when I try to implement a keepalive on both sides of the tunnel, the access-list prevents it. My question: Is there any standard way to let the keepalive go through in a nice way? So far, I've permitted in the access-list of the tunnel the address of the physical interface so the keepalive goes through the tunnel and comes back via the line directly. Is that the correct way to do it? Could anyone point me to a good reference?
Thanks