IPS and GRE over IPSec Tunnel

Unanswered Question
Mar 3rd, 2010

I have Cisco IPS 4240 deployed in the infrastructure.


I have GRE over IPSec Tunnels accross many locations.I want to know if IPS can check for GRE Payload in case of packets flowing accross GRE over IPSec Tunnel. ( e.g. can I use signature id  1401/0- IPIP Encapsulation )


Problem faced:  user laptop was infected and it was locking the account of another user in another location to whom he used to communicate on GRE over IPSec Tunnel.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rizwanr74 Tue, 06/29/2010 - 07:46

As a workaround for now, we used a Service Account on the sensor to edit

the /usr/cids/idsRoot/etc/sensorApp.conf file, when done you must reboot the IPS in order to reflect the change, adding:

[Tunnel]

WantGRE=false

Actions

This Discussion