Cisco Support Community

New Member

Encrypted traffic through IDSM-2

We have an IDSM-2 installation on a 6500 switch. There is an ATM switch that resides inside the data center. The branch ATMs have an encrypted tunnel up to the ATM switch via the IDSM-2 (in-line mode).

1. How will the IDSM-2 analyze this traffic?

2. Is there any effect on this traffic when we send it through the IDSM-2?

Thanks,

4 REPLIES
Gold

Re: Encrypted traffic through IDSM-2

If you're sending an encrypted tunnel through your IDSM, then the IDSM will not be able to perform any detection on the encrypted portion of the data.

The encrypted packet load will have some effect on the load of the sensor.

Re: Encrypted traffic through IDSM-2

The IDSM can't do much with the encrypted traffic.

If you need to monitor this traffic, you have to redesign your network to ensure that the IDS sees the post-decrypted traffic/pre-encrypted traffic.

Regards

Farrukh

New Member

Re: Encrypted traffic through IDSM-2

Hi,

Thanks for the answer. Assuming that the IDSM-2 is deployed in in-line mode, does it allow encrypted traffic to flow (even without analyzing it)?

Or does it block the traffic that it can't analyze?

Re: Encrypted traffic through IDSM-2

It will usually let it pass :).

There are some signatures in Cisco IPS software that have 'deny' actions by default, especially those pertaining to TCP normalization. You can either remove their deny action or monitor the network closely for any hiccups.

Regards

Farrukh
