https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184209#M77420 <P>Hi All,</P><P>I have an IPS module in a ASA via which we are planning to send l2tp traffic. Would it be possible for the IPS to insoect this traffic as it normmaly does with other traffic ?</P><P></P><P>Thanks</P> Sun, 10 Mar 2019 11:34:09 GMT thedinuka 2019-03-10T11:34:09Z https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184209#M77420 <P>Hi All,</P><P>I have an IPS module in a ASA via which we are planning to send l2tp traffic. Would it be possible for the IPS to insoect this traffic as it normmaly does with other traffic ?</P><P></P><P>Thanks</P> Sun, 10 Mar 2019 11:34:09 GMT https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184209#M77420 thedinuka 2019-03-10T11:34:09Z https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184210#M77421 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Yes this is possible for the IPS to inspect as the traffic is decrypted before it is processed by the AIP-SSM.</P><P></P><P>This is providing the ASA with the module in is terminating the l2TP connection <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Thanks</P><P></P><P>Andy</P></BODY></HTML> Wed, 25 Mar 2009 14:36:00 GMT https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184210#M77421 andrew100 2009-03-25T14:36:00Z https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184211#M77422 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Thanks for the response. But two points I need to clarify</P><P>We would not be using the ASA to terminate the l2tp tunnel. It will simply pass through the ASA to a router at which the tunnel is terminated.</P><P>Also, by default l2tp traffic is not encrypted right ? It is just encapsulation. It it was decrypted, then I know for sure that the IPS will not be able to inspect it. But since it is not, then theoretically the IPS should be capable of inspecting it.</P><P></P><P>the question is whether my hypothesis here is correct ?</P><P></P><P>thanks again </P></BODY></HTML> Thu, 26 Mar 2009 02:18:07 GMT https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184211#M77422 thedinuka 2009-03-26T02:18:07Z https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184212#M77423 <HTML><HEAD></HEAD><BODY><P>To inspect l2tp traffic the sensor software has to understand that their is an additional header on the packet in order to understand how to get to the packet inside the tunnel header.</P><P></P><P>Unfortunately the Cisco IPS Sensor software has not been coded to recognize an l2tp header and so does not know how to get to the underlying packet.</P><P></P><P>The Cisco IPS Sensor has only been coded to recognize and analyze packets within GRE, MPLES, IPV4inIPV4, and IPV4inIPV6 tunnels.</P><P></P></BODY></HTML> Thu, 26 Mar 2009 17:04:36 GMT https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184212#M77423 marcabal 2009-03-26T17:04:36Z https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184213#M77424 <HTML><HEAD></HEAD><BODY><P>Hi, Many thanks for the short and sweet answer. So the IPS will not inspect the l2tp traffic. Since it doesn't identify the traffic type, will it drop these ?</P><P></P><P></P><P>Din</P></BODY></HTML> Fri, 27 Mar 2009 03:21:15 GMT https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184213#M77424 thedinuka 2009-03-27T03:21:15Z https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184214#M77425 <HTML><HEAD></HEAD><BODY><P>The IPS will do some very basic signature checking on the first IPv4 packet header. </P><P>If the first header looks fine, then it should pass the packet through without further analysis.</P><P></P></BODY></HTML> Fri, 27 Mar 2009 14:02:33 GMT https://community.cisco.com/t5/network-security/inspecting-l2tp-traffic-using-aim-ips/m-p/1184214#M77425 marcabal 2009-03-27T14:02:33Z