A customer has sensors north of a VPN where all traffic is encrypted ESP traffic. Is this sensor able to detect attacks? I trying to determin if it would be better deployed south of VPN.
The only limit that I know of is bandwidth and drop packet tolerance. I have had as many as 96 source ports configured before I discovered vlan sourcing then i saw how many dropped packets becuase of over taxing the ids. solution more sensors
We just ran into this problem as well with a 3640 running IOS ver 12.2 with 16 port switching mod. It seem as if the switch mod does not strip the tags and the IDS will not read the 802.1q tags. We threw a temp solution at the problem by adding a 355...
