I have one network deployment project and have set up the IPSec site-to-site VPN tunnel using the ASA 5510 FW. But according to our customer requirement, we need to prove that the tunnel shouldn't be able to sniff the data between two sites. Is there any way to conduct a penetration test in order to prove that tunnel is not able to sniff the packet/data between two sites?
Re: Penetration Test to IPSec Tunnel in ASA 5510 FW
Connect the outside interface of the ASA to a Catalyst switch along with your WAN router, then SPAN the port(s) and collect the data in Wireshark. This would emulate someone outside the FW trying to look at traffic traversing between the two sites; you will need to be using public IP addressing on the outside of the ASA, of course.
Obviously don't use a switch that is connected to your production network unless you create an isolated VLAN on said switch for the purpose of testing this configuration. You could also do this with a completely separate hub on a temporary basis.
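One way to turn the SPAN capture described above into evidence for the customer, as an added example that is not part of the original reply: the script reads a capture saved from Wireshark in classic pcap format (not pcapng) and counts every packet between the two tunnel peers that is not ESP, IKE or NAT-T. The peer addresses, the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def classify(ip: bytes) -> str:
    """Label one IPv4 packet seen on the ASA outside interface."""
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    if proto == 50:
        return "esp"                      # IPsec ESP, payload is encapsulated
    if proto == 17 and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if 500 in (sport, dport):
            return "ike"                  # tunnel negotiation
        if 4500 in (sport, dport):
            return "nat-t"                # IKE/ESP carried in UDP for NAT traversal
    return "cleartext"                    # anything else between the peers bypasses the tunnel

def audit_pcap(pcap: bytes, peer_a: str, peer_b: str) -> Counter:
    """Count packet classes between two peers in a little-endian Ethernet pcap."""
    magic, linktype = struct.unpack("<I16xI", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    peers = {socket.inet_aton(peer_a), socket.inet_aton(peer_b)}
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        is_ipv4 = len(frame) >= 34 and frame[12:14] == b"\x08\x00"
        if is_ipv4 and {frame[26:30], frame[30:34]} == peers:
            counts[classify(frame[14:])] += 1   # untagged IPv4 between the peers only
    return counts

def _frame(src, dst, proto, payload):     # constructed sample frame as a pcap record
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + payload
    eth = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

def sample_capture() -> bytes:
    a, b = "198.51.100.1", "203.0.113.1"  # documentation addresses, constructed
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join([
        _frame(a, b, 17, struct.pack("!HHHH", 500, 500, 8, 0)),  # IKE
        _frame(a, b, 50, bytes(32)),                              # ESP
        _frame(b, a, 50, bytes(32)),                              # ESP
        _frame(a, b, 6, bytes(20)),                               # TCP outside the tunnel
        _frame(a, "192.0.2.9", 6, bytes(20)),                     # unrelated host, ignored
    ])
```

A non-zero `cleartext` count means traffic between the peers is leaving the ASA outside the tunnel. A clean result shows only that the traffic is ESP-encapsulated; that the negotiated transform is not null encryption is checked separately in the ASA configuration.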