Site-to-Site VPN without IPSEC on ASA?

Hi

I'm making a presentation about Site-to-Site VPN between 2 Cisco ASA Firewalls for a school project. During the presentation I would like to show the difference between encrypted and unencrypted traffic. My plan is to have a VPN connection established between two ASA Firewalls (it has to be firewalls).
I would like to turn off IPSEC, set up Wireshark on a PC and send some ICMP traffic and then show what the ICMP packages look like in plain text. Then turn on IPSEC and once again show what the package looks like when it's been encrypted.

But is it even possible to turn off IPSEC on a site-to-site connection on a Cisco ASA Firewall? I haven't been able to find any solution.

Best Regards
Nicolai Borchorst
CCIE Security #65775
2 Replies

Terence Payet
Level 1

Hi,

Unfortunately no. This is a requirement of S2S config on ASA.

HTH.

Regards,

Terence

Is it just about showing that one transmission is clear text and the other is encrypted? Then you could configure IPSec with a transform-set with esp-null encryption first and then show the difference to a "real" encryption.
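
What the esp-null suggestion in the last reply looks like on the wire, as an added example that is not part of the original thread: with NULL encryption the ESP payload is the inner packet itself, so the ICMP echo can be read straight out of a capture. The sketch assumes tunnel mode and a 12-byte integrity value (ICV); the addresses, SPI, sequence number and ping payload are constructed sample values.

```python
import socket
import struct

ICV_LEN = 12  # assumption: 96-bit ICV, as with an HMAC-SHA1-96 integrity transform

def sample_esp_null() -> bytes:
    """Constructed sample: tunnel-mode ESP payload carrying one ICMP echo request."""
    data = b"abcdefghijklmnopqrstuvwabcdefghi"            # constructed ping payload
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + data     # checksum left as 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton("10.1.1.10"), socket.inet_aton("10.2.2.10"))
    inner = ip + icmp
    pad_len = -(len(inner) + 2) % 4                        # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # 4 = IP-in-IP
    # SPI 0x1000 and sequence 1 are constructed; the ICV is a zero placeholder.
    return struct.pack("!II", 0x1000, 1) + inner + trailer + bytes(ICV_LEN)

def parse_esp_null(esp: bytes, icv_len: int = ICV_LEN) -> dict:
    """Read the inner packet of an ESP payload that uses NULL encryption."""
    if len(esp) < 8 + 2 + icv_len:
        raise ValueError("too short for ESP")
    spi, seq = struct.unpack("!II", esp[:8])
    body = esp[8:len(esp) - icv_len]                       # payload + ESP trailer
    pad_len, next_hdr = body[-2], body[-1]
    if next_hdr != 4 or pad_len > len(body) - 2:
        raise ValueError("not readable as NULL-encrypted tunnel-mode ESP")
    inner = body[:len(body) - 2 - pad_len]
    if len(inner) < 28 or inner[0] >> 4 != 4 or inner[9] != 1:
        raise ValueError("inner packet is not IPv4 ICMP")
    ihl = (inner[0] & 0x0F) * 4
    return {
        "spi": spi, "seq": seq,
        "src": socket.inet_ntoa(inner[12:16]),
        "dst": socket.inet_ntoa(inner[16:20]),
        "icmp_type": inner[ihl], "icmp_code": inner[ihl + 1],
        "data": inner[ihl + 8:],
    }

if __name__ == "__main__":
    print(parse_esp_null(sample_esp_null()))
```

With a real cipher in the transform-set, everything after the sequence number is ciphertext, so the trailer check fails and only the SPI and sequence number stay readable.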