11-14-2008 03:57 AM - edited 03-10-2019 04:22 AM
We have an IDSM-2 installation on a 6500 switch. There is an ATM switch that resides inside the data center. The branch ATMs have an encrypted tunnel up to the ATM switch via the IDSM-2 (in-line mode).
1. How will the IDSM-2 analyze this traffic?
2. Is there any effect on this traffic when we send it through the IDSM-2?
Thanks,
11-14-2008 09:00 AM
If you're sending an encrypted tunnel thru your IDSM, then the IDSM will not be able to perform any detection on the encrypted portion of the data.
The encrypted packet load will have some effect on the load of the sensor.
11-16-2008 12:03 AM
The IDSM can't do much with the encrypted traffic.
If you need to monitor this traffic, you have to redesign your network to ensure that the IDS sees the post-decrypted traffic/pre-encrypted traffic.
Regards
Farrukh
11-16-2008 10:48 PM
Hi,
Thanks for the answer. Assuming that the IDSM-2 is deployed in in-line mode, does it allow encrypted traffic to flow (even without analyzing)?
Or does it block the traffic that it can't analyze?
11-16-2008 11:33 PM
It will usually let it pass :).
There are some signatures in Cisco IPS software that have 'deny' actions by default, especially those pertaining to TCP normalization; you can either remove their deny action or monitor the network closely for any hiccups.
Regards
Farrukh