John_Fleming
Advisor

cprid implied rule

Does anyone know if there is an easy way to exclude cprid from implied rules? The use case I have is to hit cprid through a VPN tunnel on a DAIP gateway. Basically hit the internal interface through a VPN tunnel. Currently it seems implied, which prevents encryption.

All the DAIP gateways are on an MDS (CMA) running R80.20, if that matters. DAIP gateways are mostly R77.20.x.

5 Replies
John_Fleming
Advisor

I should also point out a large portion of the DAIP gateways are behind NAT devices, so I wouldn't have direct access to the external interface.

PhoneBoy
Admin

In general you should consult with TAC if you want to do anything SIC over VPN.
That said, poking around in implied_rules.def in the relevant Backward Compatibility directory, it seems like this should work already.
Perhaps you can twiddle some bits there and see.
Or open a TAC case.
John_Fleming
Advisor

I'm assuming you're talking about #define accept_cprid in the CPR77CMP dir?

My hope was not to touch .def files, FYI.

I haven't chatted with the last 2 diamond reps so maybe it's time to reach out.

PhoneBoy
Admin

When you're talking about implied rules for SIC and friends, you're in .def modifying territory.
John_Fleming
Advisor

Yeah, labbing up now. For some reason I was thinking I saw something where you could exclude services somewhere, but I think I might be thinking about excluding services from VPN topo, which wouldn't help.

/shrug
