cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
472
Views
0
Helpful
3
Replies

IPSEC VPN & IPS Module

hclisschennai
Level 1
Level 1

I have the firewall and it is working perfectly. I have not configured the IPS Module yet. I have IPSEC VPN also configured for the remote offices and it is working perfectly.

I want to enable IPS Module in the firewall. I want to know how to pass the IPSEC traffic into to IPS Module.

1. Whether it is possible to scan the IPSEC VPN traffic in IPS Module before allowing it to Inside zone (Trusted Zone)

regards,

R.B.KUMAR

3 Replies 3

rmeans
Level 3
Level 3

I am assuming you are referring to the ASA and the IPS module installed. The default ASA configuration includes a default policy map applied globally with the service policy command. You configuration might look something like:

class-map ips_class_map

match any

policy-map global_policy

class ips_class_map

ips inline fail-open

service-policy global_policy global

Thankyou for your response.

But my query is whether IPSEC VPN traffic will be inspected using IPS Module.

If so, When it will be inspected for IPS Signature.

regards,

R.B.KUMAR

Yes, the IPSec VPN traffic will be inspected by the IPS module. VPN traffic will be decrypted before being passed to the IPS module.

I am not sure I understand your question,

When it will be inspected for IPS Signature

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: