Hello,
How can I assure that my vpn-mpls
clients cannot use rfc1918 sourced ip packets (or spoof ) in case they have
also internet access configured by route-leaking ?
If I use URPF it will look in the
vrf’s FIB (not in the global RoutingTable FIB ) so it will let pass ip packets
sourced with private addresses.
Any nice implementation you can
share w/ me ?
Tks,
Constantin
Tivig
Xnet/Connex
-------------------------------------------------------------------------------
The
content of this communication is classified as Mobifon SA Romania Confidential
and Proprietary Information.The content of this communication is intended
solely for the use of the individual or entity to whom it is addressed and
others authorized to receive it. If you are not the intended recipient you are
hereby notified that any disclosure, copying, distribution or taking any
action in reliance on the contents of this information is strictly prohibited
and may be unlawful. If you have received this communication in error, please
notify us immediately by responding to this communication then delete it from
your system. We appreciate your assistance in preserving the confidentiality
of our correspondence. Thank you.
Prezentul mesaj constituie o
Informatie confidentiala si este proprietatea exclusiva a MobiFon S.A..
Mesajul se adreseaza numai persoanei fizice sau juridice mentionata ca
destinatara, precum si altor persoane autorizate sa-l primeasca. In cazul in
care nu sunteti destinatarul vizat, va aducem la cunostinta ca dezvaluirea,
copierea, distribuirea sau initierea unor actiuni pe baza prezentei informatii
sunt strict interzise si atrag raspunderea civila si penala. Daca ati primit
acest mesaj dintr-o eroare, va rugam sa ne anuntati imediat, ca raspuns la
mesajul de fata, si sa-l stergeti apoi din sistemul dvs. Apreciem si va
multumim pentru sprijinul acordat in pastrarea confidentialitatii
corespondentei
noastre.
-------------------------------------------------------------------------------