Hi experts,
I have two Cisco routers and one Juniper SRX. The topology is as follows, with no NAT, just routing, but the SRX is still in security mode, and everything from untrust to wan goes through the SRX and vice versa.
Cisco Router <--untrust-zone--> Juniper SRX <--wan-zone--> Cisco Router
One zone is called untrust and the other zone is called wan-zone.
I'm only allowing junos-ping from untrust to wan and from wan to untrust.
Somehow I can still establish a GRE tunnel from Cisco to Cisco with no problem.
I have created a custom application with protocol GRE, added it to a policy as deny, and re-ordered the policy to the top, without much luck.
I just want to know how to block this protocol with a security policy.