Solved: Re: IPSEC Tunnel Interesting traffic IPs seen?

CiscoBrownBelt · ‎10-15-2019

So if there is another FW in between 2 Fws and/or routers that have a IPSEC tunnel built between them, can a FW that sits between (transport device that passed the traffic to and from) see the interesting IP traffic (source IPs and destinations of interesting traffic, not just tunnel peer ip addresses)?

Rob Ingram · ‎10-15-2019

Hi,
No, all those intermediate routers/firewalls will see is ESP or UDP/4500 encrypted traffic between the VPN peer IP addresses. The interesting traffic will be encapsulated inside the encrypted VPN tunnel.

HTH

View solution in original post

Marius Gunnerud · ‎10-15-2019

Just to add to what @Rob Ingram has posted, they might also see UDP/500, UDP/4500 will be seen if NAT traversal is configured (enabled by default) and there is a NAT device in the path between the VPN headends. Otherwise nothing within the VPN tunnel is seen by other devices in the path.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Rob Ingram · ‎10-15-2019

Hi,
No, all those intermediate routers/firewalls will see is ESP or UDP/4500 encrypted traffic between the VPN peer IP addresses. The interesting traffic will be encapsulated inside the encrypted VPN tunnel.

HTH

Marius Gunnerud · ‎10-15-2019

Just to add to what @Rob Ingram has posted, they might also see UDP/500, UDP/4500 will be seen if NAT traversal is configured (enabled by default) and there is a NAT device in the path between the VPN headends. Otherwise nothing within the VPN tunnel is seen by other devices in the path.

--
Please remember to select a correct answer and rate helpful posts