Encrypted traffic through IDSM-2

Unanswered Question
Nov 14th, 2008

We have an IDSM-2 installation on a 6500 switch. There is an ATM switch that resides inside the data center. The branch ATMs have an encrypted tunnel up to the ATM switch via the IDSM-2 (in-line mode).

1. How will the IDSM-2 analyze this traffic?

2. Is there any effect on this traffic when we send it through the IDSM-2?


rhermes Fri, 11/14/2008 - 09:00

If you're sending an encrypted tunnel thru your IDSM, then the IDSM will not be able to perform any detection on the encrypted portion of the data.

The encrypted packet load will have some effect on the load of the sensor.

Farrukh Haroon Sun, 11/16/2008 - 00:03

The IDSM can't do much with the encrypted traffic.

If you need to monitor this traffic, you have to redesign your network to ensure that the IDS sees the post-decrypted traffic/pre-encrypted traffic.



nkariyawasam Sun, 11/16/2008 - 22:48


Thanks for the answer. Assuming that the IDSM-2 is deployed in in-line mode, does it allow encrypted traffic to flow (even without analyzing it)?

Or does it block the traffic that it can't analyze?

Farrukh Haroon Sun, 11/16/2008 - 23:33

It will usually let it pass :).

There are some signatures in Cisco IPS software that have 'deny' actions by default, especially those pertaining to TCP normalization; you can either remove their deny action or monitor the network closely for any hiccups.



