We have the following scenario at one of our customers:
ISP Link -> L2 Switch -> IPS in Inline (VLAN)Mode -> PIX Firewall
There are a lot of site-to-site VPN tunnels terminated on the PIX firewall; hence please let me know whether the VPN traffic towards the firewall will be inspected by the IPS and, if yes, how the signature analysis will happen for it, i.e. whether the IPS will really be able to understand the encrypted traffic?
The IPS will inspect the encrypted traffic but does not have the ability to look inside the encryption; it generally cannot understand the encrypted traffic, so all the inspection can do is IP-header-type inspections like sweeps, floods, and "impossible IP packet" type checks. It may also do L4 inspections depending on your VPN technology, but the encrypted data is still opaque (cannot be understood). Any clear (non-VPN) traffic is still inspected; the mere presence of VPN does not affect non-VPN inspection.
To inspect the data that is traversing the VPNs, you'd need to put an IPS inline behind the PIX (post VPN termination).
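To make the answer above concrete, here is an added example (not part of the original thread, and not Cisco IPS code): a small header-only inspector in Python run over constructed packets. It shows what a sensor sitting in front of the PIX can actually read for three cases: a cleartext HTTP request, the same request carried in ESP (IP protocol 50), and the same ESP packet wrapped in UDP/4500 NAT-T. All addresses, ports, the SPI value and the sample HTTP request are made up; `fake_encrypt` is a keyed XOR that merely stands in for ESP ciphertext so the payload is opaque to a pattern matcher, it is not real encryption. The NAT-T check follows RFC 3948 (a zero first word on UDP/4500 is the IKE non-ESP marker, anything else is an ESP SPI); the content "signature" is a deliberately trivial substring match.

```python
"""Constructed example: what a header-only inline IPS sees for clear vs. ESP traffic."""
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP = 6, 17, 50
NAT_T_PORT = 4500  # RFC 3948 UDP encapsulation of ESP


def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_ipv4(proto, src, dst, payload):
    # 20-byte IPv4 header; checksum left at 0 because this is sample data, never sent.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr + payload


def build_tcp(sport, dport, payload):
    # Minimal TCP header: seq/ack 0, data offset 5 (20 bytes), flags PSH|ACK, no checksum.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def fake_encrypt(plaintext, spi):
    # Stand-in for ESP ciphertext (NOT encryption): a repeating XOR keyed on the SPI,
    # enough to make every byte differ from the plaintext for this demonstration.
    key = struct.pack("!I", spi) * (len(plaintext) // 4 + 1)
    return bytes(p ^ k for p, k in zip(plaintext, key))


def build_esp(spi, seq, ciphertext):
    # Only the SPI and sequence number are in the clear; everything after is opaque.
    return struct.pack("!II", spi, seq) + ciphertext


def inspect(pkt):
    """Return the fields an inline sensor can extract without any key material."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    view = {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
            "proto": proto, "payload_inspectable": False, "l4_payload": b""}
    l4 = pkt[ihl:]
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", l4[:8])
        view.update(encapsulation="esp", spi=spi, seq=seq, opaque_bytes=len(l4) - 8)
    elif proto == IPPROTO_UDP:
        sport, dport, ulen, _ = struct.unpack("!HHHH", l4[:8])
        data = l4[8:ulen]
        view.update(sport=sport, dport=dport)
        if NAT_T_PORT in (sport, dport) and len(data) >= 8:
            if data[:4] != b"\x00\x00\x00\x00":  # non-zero first word: ESP-in-UDP
                spi, seq = struct.unpack("!II", data[:8])
                view.update(encapsulation="udp-esp-nat-t", spi=spi, seq=seq,
                            opaque_bytes=len(data) - 8)
            else:  # zero non-ESP marker: IKE on 4500
                view.update(encapsulation="udp-ike-nat-t")
        else:
            view.update(encapsulation="udp", payload_inspectable=True, l4_payload=data)
    elif proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", l4[:4])
        doff = (l4[12] >> 4) * 4
        view.update(encapsulation="tcp", sport=sport, dport=dport,
                    payload_inspectable=True, l4_payload=l4[doff:])
    return view


CONTENT_SIGNATURES = {"path-traversal": b"/etc/passwd"}  # toy signature for the demo


def signature_hits(pkt):
    """Content signatures can only fire on payload the sensor can actually read."""
    view = inspect(pkt)
    if not view["payload_inspectable"]:
        return []
    return [name for name, pat in CONTENT_SIGNATURES.items() if pat in view["l4_payload"]]


# Constructed sample traffic (addresses, ports and SPI are arbitrary).
HTTP_REQUEST = b"GET /../../etc/passwd HTTP/1.1\r\nHost: intranet\r\n\r\n"
SPI = 0x1234ABCD
INNER = build_ipv4(IPPROTO_TCP, "10.1.1.5", "10.2.2.9", build_tcp(51000, 80, HTTP_REQUEST))

# 1) Cleartext request from the Internet toward a host behind the PIX.
CLEAR_PKT = build_ipv4(IPPROTO_TCP, "203.0.113.10", "198.51.100.20",
                       build_tcp(51000, 80, HTTP_REQUEST))
# 2) The same request inside a site-to-site ESP tunnel (tunnel mode: inner IP+TCP hidden).
ESP_PKT = build_ipv4(IPPROTO_ESP, "192.0.2.1", "198.51.100.1",
                     build_esp(SPI, 7, fake_encrypt(INNER, SPI)))
# 3) The same tunnel behind a NAT device: ESP carried in UDP/4500.
NATT_PKT = build_ipv4(IPPROTO_UDP, "192.0.2.1", "198.51.100.1",
                      build_udp(NAT_T_PORT, NAT_T_PORT, build_esp(SPI, 8, fake_encrypt(INNER, SPI))))

if __name__ == "__main__":
    for label, pkt in (("cleartext", CLEAR_PKT), ("esp", ESP_PKT), ("nat-t", NATT_PKT)):
        v = inspect(pkt)
        state = "inspectable" if v["payload_inspectable"] else "opaque"
        print(f"{label:10s} {v['encapsulation']:15s} {state:12s} hits={signature_hits(pkt)}")
```

Running it shows the point of the answer: for the ESP and NAT-T packets the sensor still has outer src/dst, protocol, ports and the ESP SPI/sequence number, which is enough for sweep, flood or malformed-packet logic, but the toy content signature fires only on the cleartext copy of the request. An IPS placed behind the PIX, after decryption, would see the inner packet and match it.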