<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 16/02/16 12:38, Tristram Cheer wrote:<br>
<blockquote
cite="mid:PS1PR03MB165960988F25CAA3586E14D496AC0@PS1PR03MB1659.apcprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Arial Narrow";
panose-1:2 11 6 6 2 2 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi All,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I came across a client on our network that
is using a filtering service where the client installs a
device that sends all of their upload traffic over an IPSec
tunnel to a 3<sup>rd</sup> party network for inspection before
that network then sends the request on with the “spoofed” IP
of the client’s public IP so that the download stream returns
directly to the client.</p>
</div>
</blockquote>
At $priorjob, we 'resold' the service that Pete mentioned.<br>
<blockquote
cite="mid:PS1PR03MB165960988F25CAA3586E14D496AC0@PS1PR03MB1659.apcprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Has anyone else come across this type of
service before? Have you run into problems with what is in
effect one way traffic from a SME/Residential connection? It
seems to me that BCP38 would knock this service out <br>
</p>
</div>
</blockquote>
We did encounter one BCP38 type issue. Port 80 traffic from clients,
destined to our own on-net web servers (customer portal, etc),
passed through the filtering ISP, then re-entered our network via
local peering. As we did do BCP38 style filtering, this traffic was
dropped as being our IPs spoofed externally. I therefore had to
create specific filter exceptions on all the likely ingress points
for this type of traffic.<br>
<br>
Cheers,<br>
Simon<br>
<br>
</body>
</html>