<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 16/02/16 12:38, Tristram Cheer wrote:<br>
<blockquote
cite="mid:PS1PR03MB165960988F25CAA3586E14D496AC0@PS1PR03MB1659.apcprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Arial Narrow";
panose-1:2 11 6 6 2 2 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi All,<o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
<p class="MsoNormal">I came across a client on our network that
is using a filtering service where the client installs a
device that sends all of their upload traffic over an IPSec
tunnel to a 3<sup>rd</sup> party network for inspection before
that network then sends the request on with� the �spoofed� IP
of the client�s public IP so that the download stream returns
directly to the client.</p>
</div>
</blockquote>
At $priorjob, we 'resold' the service that Pete mentioned.<br>
<blockquote
cite="mid:PS1PR03MB165960988F25CAA3586E14D496AC0@PS1PR03MB1659.apcprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
<p class="MsoNormal">Has anyone else come across this type of
service before? Have you run into problems with what is in
effect one way traffic from a SME/Residential connection? It
seems to me that BCP38 would knock this service out <br>
</p>
</div>
</blockquote>
We did encounter one BCP38 type issue. Port 80 traffic from clients,
destined to our own on-net web servers (customer portal, etc),
passed through the filtering ISP, then re-entered our network via
local peering. As we did do BCP38 style filtering, this traffic was
dropped as being our IPs spoofed externally.� I therefore had to
create specific filter exceptions on all the likely ingress points
for this type of traffic.<br>
<br>
Cheers,<br>
Simon<br>
<br>
</body>
</html>