https scanning through IPS

Unanswered Question
Apr 29th, 2010

Is it possible to scan all the https traffic passing through AIP module installed on ASA (inbound and outbound)?

Federico Coto F... Thu, 04/29/2010 - 08:44


You can inspect the HTTPS traffic passing through the IPS module on the ASA.

But you need to know that since HTTPS is encrypted, the IPS will not be able to "read" the contents of the packet.

So, you can monitor the behavior of the HTTPS traffic, and so on, but you cannot decrypt and obtain the original content (data) of the packets.


vikasgupta2k Thu, 04/29/2010 - 08:46

Is there any formal documentation from Cisco on this that I can present to the customer?

Federico Coto F... Thu, 04/29/2010 - 09:10

I'm not sure that I've seen a document.

It's the same with any cryptographic protocol (HTTPS, SSH, ISAKMP, SFTP, etc.).

Anything that goes encrypted can't be "read" since you would have to be able to decrypt it prior to sending the traffic to the IPS for scanning.
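
The point made in the replies above, as an added example that is not part of the thread and is not Cisco code: a pattern-matching sensor finds a signature in a cleartext HTTP request, but for the same request inside a TLS record it can only report the cleartext record header (type, version, length). The signature, request, key and function names are constructed for illustration, and `toy_encrypt` is a stand-in for TLS record encryption, not a real TLS cipher.

```python
import hashlib
import struct

# Constructed values for this example; none come from the thread.
SIGNATURE = b"/cgi-bin/constructed-marker"      # pattern a content rule looks for
HTTP_REQUEST = b"GET /cgi-bin/constructed-marker?id=1 HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def toy_encrypt(key, plaintext):
    """Stand-in for TLS record protection (SHA-256 keystream XOR). Not real TLS."""
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def tls_record(body, content_type=23, version=(3, 1)):
    """Wrap a body in the 5-byte cleartext TLS record header."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


def parse_tls_records(payload):
    """Return [(type, version, length), ...] from record headers, or [] if not TLS."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in TLS_TYPES or major != 3 or offset + 5 + length > len(payload):
            break  # not a TLS record header, or record truncated
        records.append((TLS_TYPES[ctype], (major, minor), length))
        offset += 5 + length
    return records


def sensor_view(payload):
    """What a pattern-matching sensor can report for one reassembled payload."""
    return {"signature_hit": SIGNATURE in payload,
            "tls_records": parse_tls_records(payload)}


if __name__ == "__main__":
    print(sensor_view(HTTP_REQUEST))
    print(sensor_view(tls_record(toy_encrypt(b"constructed-session-key", HTTP_REQUEST))))
```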


