IPSEC Tunnel Interesting traffic IPs seen?

So if there is another FW in between 2 FWs and/or routers that have an IPSEC tunnel built between them, can a FW that sits between them (a transport device that passes the traffic to and from) see the interesting IP traffic (source and destination IPs of the interesting traffic, not just the tunnel peer IP addresses)?

Accepted Solutions

RJI (VIP Advisor)

Re: IPSEC Tunnel Interesting traffic IPs seen?

Hi,
No, all those intermediate routers/firewalls will see is ESP or UDP/4500 encrypted traffic between the VPN peer IP addresses. The interesting traffic will be encapsulated inside the encrypted VPN tunnel.

HTH


VIP Advocate

Re: IPSEC Tunnel Interesting traffic IPs seen?

Just to add to what @RJI has posted, they might also see UDP/500. UDP/4500 will be seen if NAT traversal is configured (enabled by default) and there is a NAT device in the path between the VPN headends. Otherwise nothing within the VPN tunnel is seen by other devices in the path.

--
Please remember to rate and select a correct answer
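
To make the two answers above concrete, here is an added example (not part of the original posts) that parses only what a transit firewall can read from each packet type mentioned: ESP, IKE on UDP/500, and IKE or ESP on UDP/4500. The peer addresses, SPI and payload bytes are constructed sample values, and no real encryption is performed; the payload is an opaque stand-in for ciphertext.

```python
import socket
import struct

PEER_A, PEER_B = "198.51.100.1", "203.0.113.2"  # constructed tunnel peer addresses

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left at 0) around payload; builds sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data):
    """UDP header (checksum 0) around data; builds sample data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def transit_view(packet):
    """Return what a device in the path can read: outer addresses and ESP/IKE headers."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    view = {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20])}
    body = packet[ihl:]
    if proto == 50 and len(body) >= 8:                      # ESP directly over IP
        view["kind"] = "ESP"
        view["spi"], view["seq"] = struct.unpack("!II", body[:8])
    elif proto == 17 and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 500 in (sport, dport):
            view["kind"] = "IKE UDP/500"
        elif 4500 in (sport, dport) and data[:4] == b"\x00" * 4:
            view["kind"] = "IKE UDP/4500"                   # non-ESP marker (RFC 3948)
        elif 4500 in (sport, dport) and len(data) >= 8:
            view["kind"] = "ESP-in-UDP/4500"
            view["spi"], view["seq"] = struct.unpack("!II", data[:8])
        else:
            view["kind"] = "other UDP"
    else:
        view["kind"] = "other"
    return view

# Constructed samples. The bytes after the 8-byte ESP header stand in for ciphertext;
# the inner (interesting) addresses exist only inside it, so no field exposes them.
ESP = struct.pack("!II", 0x1000ABCD, 7) + bytes(range(1, 65))
SAMPLES = [
    ipv4(PEER_A, PEER_B, 50, ESP),
    ipv4(PEER_A, PEER_B, 17, udp(500, 500, bytes(28))),
    ipv4(PEER_A, PEER_B, 17, udp(4500, 4500, bytes(4) + bytes(28))),
    ipv4(PEER_A, PEER_B, 17, udp(4500, 4500, ESP)),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(transit_view(pkt))
```

In every case the only addresses returned are the tunnel peers; the SPI and sequence number are the most a transit device can log or match on for the ESP flows.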
