Cisco Support Community
Community Member

How to limit specific traffic through gre tunnel?

I want to use an ACL to limit traffic through a GRE tunnel. When I do it, I find some problems. Please help me.

What do "in" and "out" mean? I know in and out when the interface is Ethernet or serial, but what about when the interface is a tunnel?

Suppose my topology is like this:

---gre---int tunn 0---router-----ether0

int tunn 0
 ip addr 1.1.1.1 255.255.255.252
 tunnel source 10.10.10.253
 tunnel destination 9.1.1.1
 ip access-group 110 out

int ethernet 0
 ip addr 10.10.10.253 255.255.255.0

access-list 110 permit ip host 9.1.1.8 host 10.10.10.222

So is access-list 110 right, or must it be:

access-list 110 permit ip host 10.10.10.222 host 9.1.1.8

I don't know which processing order is right.

I think the router will do GRE encapsulation first, then check the output access-list, and do GRE de-encapsulation, then check the input access-list. Am I right?

Thanks

1 REPLY
Bronze

Re: How to limit specific traffic through gre tunnel?

Hi,

Your understanding is correct, but there are caveats in Cisco IOS about that, AFAIK.

A simple workaround is to apply an inbound ACL on the inside interface of the router to filter unnecessary traffic from going down the tunnel.

Thx

Afaq
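
The workaround from the reply, sketched as an IOS configuration fragment with the addresses from the question. This is an added example, not part of the original thread; it assumes Ethernet 0 is the inside (LAN) interface, that 10.10.10.222 is the only inside host allowed to reach 9.1.1.8 across the tunnel, and that ACL 110 is reused for the inbound filter.

```cisco
! Added example (not from the thread). Assumptions: Ethernet 0 is the inside
! LAN interface; 10.10.10.222 is the only inside host allowed to reach
! 9.1.1.8 over the tunnel.
!
! Take the outbound filter off the tunnel interface first.
interface Tunnel0
 no ip access-group 110 out
!
! Rebuild ACL 110. An inbound ACL on the inside interface sees packets as
! they arrive from the LAN, before routing and GRE encapsulation, so the
! source is the inside host and the destination is the far-end host.
no access-list 110
access-list 110 permit ip host 10.10.10.222 host 9.1.1.8
!
! Every ACL ends with an implicit "deny ip any any", so ALL other traffic
! arriving on Ethernet 0 is dropped, not only tunnel-bound traffic.
! Add explicit permits above the deny for anything else the LAN needs.
! If GRE transport packets from the tunnel peer also arrive on this
! interface, they need their own entry, for example:
!   access-list 110 permit gre host 9.1.1.1 host 10.10.10.253
!
! Explicit final deny with logging, so dropped flows are visible.
access-list 110 deny ip any any log
!
interface Ethernet0
 ip access-group 110 in
```

After applying it, `show access-lists 110` lists the match counters per entry, which confirms whether the permit line or the final deny is catching the traffic.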
