
New Member

MPLS SECURITY

DNS

|

Internet-----Firewall---switch-----CPE-----(MPLS VPN)

My problem is that on the customer firewall we see packets coming from other networks.

How come? MPLS is supposed to be secure.

------------------------------

Packet Warning: Packet (9.17.X.6X->9.133.X.X: Protocol=TCP[RST] Port 1533->1156) for interface 192.168.X.X was routed to interface ?? -- bogus destination address?

---------------------------------

Jan 08 14:28:31.165 srvhkkling kernel[0]: 343 Packet Warning: Packet (9.69.X.X->9.133.104.74: Protocol=TCP[RST] Port 1352->1455) for interface 192.168.X.Xwas routed to interface ?? -- bogus destination address?

------------------------

The customer doesn't have a network within the 9.X.X.X range.

According to the customer, the packets don't come from the internet side but from the VPN MPLS side.

Has someone already heard of that security problem and how to solve it?

1 REPLY
New Member

Re: MPLS SECURITY

MPLS VPN is only as secure as its configuration, similar to frame-relay, where if the provider configures the wrong virtual circuit mapping. It looks like the provider has messed up their import configuration of the Route Descriptors.

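To gather evidence for the provider, the following added example (not part of the original thread) parses warnings in the format quoted in the question and groups packets by source network outside the customer's own prefixes. The `EXPECTED` prefix list and the sample lines are assumptions constructed for illustration; octets masked with X are treated as unknown and widen the reported prefix.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only prefixes this customer routes inside its VPN.
EXPECTED = [ipaddress.ip_network("192.168.0.0/16")]

PACKET_RE = re.compile(
    r"Packet \((?P<src>[0-9Xx.]+)->(?P<dst>[0-9Xx.]+): "
    r"Protocol=(?P<proto>\w+)(?:\[(?P<flags>\w+)\])? "
    r"Port (?P<sport>\d+)->(?P<dport>\d+)\)"
)

def to_network(addr):
    """Address -> network; octets masked with X (as in the post) widen the prefix."""
    octets = addr.split(".")
    known = []
    for octet in octets:
        if not octet.isdigit():
            break  # this octet and everything after it is treated as masked
        known.append(octet)
    if len(octets) != 4 or not known:
        return None
    padded = ".".join(known + ["0"] * (4 - len(known)))
    try:
        return ipaddress.ip_network(f"{padded}/{8 * len(known)}")
    except ValueError:  # e.g. an octet above 255
        return None

def unexpected_sources(lines, expected=EXPECTED):
    """Group packets whose source lies outside every expected prefix."""
    report = defaultdict(list)
    for line in lines:
        m = PACKET_RE.search(line)
        net = to_network(m["src"]) if m else None
        if net is None or any(net.subnet_of(p) for p in expected):
            continue  # not a packet warning, unparseable, or a legitimate source
        report[str(net)].append((m["dst"], m["proto"], m["flags"], int(m["dport"])))
    return dict(report)

# Constructed sample input: the first two lines reuse the masked addresses from the post.
TAIL = " for interface 192.168.X.X was routed to interface ?? -- bogus destination address?"
SAMPLE = [
    "Packet Warning: Packet (9.17.X.6X->9.133.X.X: Protocol=TCP[RST] Port 1533->1156)" + TAIL,
    "Packet Warning: Packet (9.69.X.X->9.133.104.74: Protocol=TCP[RST] Port 1352->1455)" + TAIL,
    "Packet Warning: Packet (9.69.X.X->9.133.104.74: Protocol=UDP Port 53->5353)" + TAIL,
    "Packet Warning: Packet (192.168.10.5->192.168.20.9: Protocol=TCP[SYN] Port 40000->443)" + TAIL,
    "kernel[0]: link state changed",
]
```

Calling `unexpected_sources(SAMPLE)` returns a dictionary keyed by source network, which can be attached to a ticket asking the provider to check which VRF those prefixes belong to.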