12-30-2008 02:52 AM - edited 03-10-2019 04:26 AM
I have the firewall and it is working perfectly. I have not configured the IPS Module yet. I have IPSEC VPN also configured for the remote offices and it is working perfectly.
I want to enable the IPS Module in the firewall. I want to know how to pass the IPSEC traffic into the IPS Module.
1. Whether it is possible to scan the IPSEC VPN traffic in IPS Module before allowing it to Inside zone (Trusted Zone)
regards,
R.B.KUMAR
12-31-2008 08:36 AM
I am assuming you are referring to the ASA and the IPS module installed. The default ASA configuration includes a default policy map applied globally with the service policy command. Your configuration might look something like:
class-map ips_class_map
 match any
policy-map global_policy
 class ips_class_map
  ips inline fail-open
service-policy global_policy global
12-31-2008 08:43 PM
Thank you for your response.
But my query is whether IPSEC VPN traffic will be inspected using IPS Module.
If so, When it will be inspected for IPS Signature.
regards,
R.B.KUMAR
12-31-2008 09:59 PM
Yes, the IPSec VPN traffic will be inspected by the IPS module. VPN traffic will be decrypted before being passed to the IPS module.
I am not sure I understand your question, "When it will be inspected for IPS Signature".
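An added configuration example, not part of the original thread: it narrows the `match any` class from the earlier reply to the remote-office VPN traffic only and uses `fail-close` in place of `fail-open`. The ACL is written against the inner addresses, in line with the reply above that VPN traffic is decrypted before it is passed to the IPS module. The subnet 10.20.0.0/16 and the names REMOTE_VPN_IPS and vpn_ips_class are assumptions made for illustration.

```text
! Constructed example. 10.20.0.0/16 stands in for the remote-office
! networks reached over the IPsec tunnels (assumed value).
! REMOTE_VPN_IPS and vpn_ips_class are hypothetical names.
access-list REMOTE_VPN_IPS extended permit ip 10.20.0.0 255.255.0.0 any
access-list REMOTE_VPN_IPS extended permit ip any 10.20.0.0 255.255.0.0
!
class-map vpn_ips_class
 match access-list REMOTE_VPN_IPS
!
policy-map global_policy
 class vpn_ips_class
  ! inline: the module sits in the traffic path and can drop packets.
  ! fail-open  = matched traffic passes uninspected if the module is down.
  ! fail-close = matched traffic is dropped while the module is down.
  ips inline fail-close
!
service-policy global_policy global
```

With `fail-close`, an IPS module outage interrupts the matched VPN traffic instead of letting it reach the inside zone uninspected, so the choice between the two keywords is a trade-off between availability and inspection coverage.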