Encrypted traffic inspected by IPS ?

ankurs2008
Level 1

Dear All

We have the following scenario at one of our customers:

ISP Link -> L2 Switch -> IPS in Inline (VLAN)Mode -> PIX Firewall

There are a lot of site-to-site VPN tunnels terminated on the PIX Firewall; hence please let me know if the VPN traffic towards the firewall will be inspected by the IPS and, if yes, how the signature analysis will happen for it, i.e. whether the IPS will really be able to understand the encrypted traffic?

Regards

Ankur

1 Reply

scothrel
Level 3

Ankur,

The IPS will inspect the encrypted traffic but does not have the ability to look inside the encryption; it generally cannot understand the encrypted traffic, so all the inspection can do is IP header type inspections like sweeps, floods, and "impossible IP packet" type checks. It may also do L4 inspections depending on your VPN technology, but the encrypted data is still opaque (cannot be understood). Any clear (non-VPN) traffic is still inspected; the mere presence of VPN does not affect non-VPN inspection.

To inspect the data that is traversing the VPNs, you'd need to put an IPS inline behind the PIX (post VPN termination).

Scott
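The split Scott describes, as an added example that is not from this thread: a small Python model of an inline IPS sitting ahead of the PIX, showing which checks still apply to IPsec traffic before decryption (IP header only, L4 header for NAT-T) and which only apply to clear traffic (content signatures). The packet records, addresses, function names and the traversal signature are constructed for the example.

```python
# Added example, not from the thread: toy model of an inline IPS placed between
# the ISP link and the PIX, i.e. before the site-to-site VPNs are terminated.
from collections import defaultdict

ESP = 50            # IP protocol number for IPsec ESP
TCP, UDP = 6, 17
NAT_T_PORT = 4500   # IPsec ESP encapsulated in UDP (NAT traversal)

# Constructed sample packets: an ESP tunnel, a NAT-T tunnel, clear HTTP, and a
# host sweep from one source. Payload bytes of tunnelled packets are ciphertext.
PACKETS = [
    {"id": 1, "src": "203.0.113.5", "dst": "198.51.100.1", "proto": ESP, "dport": None,
     "payload": b"\x9a\x1f\x40\xc3\x00\x7b\xe2"},
    {"id": 2, "src": "203.0.113.6", "dst": "198.51.100.1", "proto": UDP, "dport": NAT_T_PORT,
     "payload": b"\x00\x00\x00\x02\xe1\x88"},
    {"id": 3, "src": "203.0.113.7", "dst": "198.51.100.2", "proto": TCP, "dport": 80,
     "payload": b"GET /cgi/../../etc/passwd HTTP/1.0\r\n"},
    {"id": 4, "src": "203.0.113.9", "dst": "198.51.100.1", "proto": TCP, "dport": 22, "payload": b""},
    {"id": 5, "src": "203.0.113.9", "dst": "198.51.100.2", "proto": TCP, "dport": 22, "payload": b""},
    {"id": 6, "src": "203.0.113.9", "dst": "198.51.100.3", "proto": TCP, "dport": 22, "payload": b""},
]

def tunnelled(pkt):
    """True for IPsec traffic the PIX will decrypt: native ESP or ESP-in-UDP (NAT-T)."""
    return pkt["proto"] == ESP or (pkt["proto"] == UDP and pkt["dport"] == NAT_T_PORT)

def visible_layers(pkt):
    """Inspection layers the IPS can apply to one packet before decryption."""
    layers = ["ip_header"]                  # always readable: sweeps, floods, bad-IP checks
    if pkt["proto"] in (TCP, UDP):
        layers.append("l4_header")          # native ESP carries no TCP/UDP header at all
    layers.append("payload_opaque" if tunnelled(pkt) else "payload_signatures")
    return layers

def sweep_sources(pkts, threshold=3):
    """Header-only check: sources reaching at least `threshold` distinct destinations.
    Needs nothing beyond the IP header, so it works on tunnelled and clear traffic alike."""
    seen = defaultdict(set)
    for p in pkts:
        seen[p["src"]].add(p["dst"])
    return sorted(src for src, dsts in seen.items() if len(dsts) >= threshold)

def content_matches(pkts, pattern):
    """Content signature: only meaningful where the payload is cleartext, so
    tunnelled packets are skipped rather than matched against ciphertext."""
    return [p["id"] for p in pkts if not tunnelled(p) and pattern in p["payload"]]

if __name__ == "__main__":
    for p in PACKETS:
        print(p["id"], visible_layers(p))
    print("sweep:", sweep_sources(PACKETS), "traversal:", content_matches(PACKETS, b"../.."))
```

Moving the same model behind the PIX would turn every packet into a `payload_signatures` case, which is the placement Scott recommends for inspecting tunnel contents.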
