• Unique network collaboration: Enhances scalability and resiliency through network collaboration, including efficient traffic capture techniques, load-balancing capabilities, and visibility into encrypted traffic.
IPS doesn't support inspection of encrypted traffic; it is only for headers... Thanks
Please see below...
Encrypted traffic cannot be inspected. Inspection must occur before encryption or after decryption. This rule applies to both IPsec and Secure Sockets Layer (SSL) VPN encryption. You can apply both Cisco IPS AIM and encryption simultaneously on one router and in one data flow in cases where branch-office devices are granted direct Internet access and do not cross a corporate WAN where IPS is applied.
You probably missed this, but the original post is 2 years old and is a discussion about the 4200 series appliances. Inspection is possible on a device that does both IDS/IPS and is an encryption endpoint (think ASA with IPS module). This is not the case with the 4200 series IPS appliances.
I have searched through the many posts on Cisco's site and done Google searches as well. The Google search led me to this post! Yes, I know this post is old, but Cisco fails to date its documents, so it is hard to determine what is new and what is old. (Thanks for the cheese ;) ...)
Just for clarification purposes:
Please someone correct me if I am incorrect.
It appears the Cisco IPS module can inspect SSL and IPSec traffic ONLY *IF* the encrypted session terminates on the Cisco ASA or on a Cisco router configured for SSL/IPSec sessions. The ASA or router will decrypt the encrypted packet(s) and pass these unencrypted packets to the IPS for inspection. I would think the IPS could be an internal module on the ASA/Cisco router or an external appliance.
If the SSL/IPSec session is between a client and a server, where the encrypted traffic passes through an ASA and/or router on its way between client and server, and the ASA or router plays no role in the encryption session but merely acts as a traffic validation and routing point, then NO SSL or IPSec traffic can be inspected by the ASA or router. I see this as pretty simple to understand, as intermediary devices do not have the "KEY" to unlock the encryption. If the ASA or Cisco router could decrypt the session, the Internet would be completely useless; we would have to go back to point-to-point links everywhere.
In the above scenario, if the ASA/router terminated both client and server sessions
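As an added illustration of the distinction drawn in this post (example code written for this page, not code from the thread, from Cisco, or from any IPS product): a pass-through IPS sees only the bytes on the wire, while an IPS co-located with the endpoint that terminates the tunnel gets the cleartext and can match signatures before the packet is re-encrypted toward the far side. The two-signature rule set, the sample HTTP request, the keys and nonces, and the toy SHA-256 keystream cipher are all constructed here for the demonstration; the toy cipher stands in for the real IPsec/TLS session cipher and is not something to use in practice.

```python
"""Added example (not from the thread): why an inline IPS can only match
content signatures on traffic it can see in the clear.

The "cipher" below is a toy keystream built from SHA-256, for illustration
only. It is NOT a real cipher; it only stands in for the session
encryption an IPsec/SSL endpoint would actually apply."""
import hashlib

# Constructed signature set: patterns a content IPS might look for in a payload.
SIGNATURES = {
    "sql-injection": b"' OR 1=1",
    "path-traversal": b"../../etc/passwd",
}

# Constructed sample client request that the IPS should flag.
SAMPLE_REQUEST = (
    b"GET /index.php?id=1' OR 1=1 -- HTTP/1.1\r\n"
    b"Host: www.example.com\r\n\r\n"
)

# Constructed keys/nonces for the two legs of a terminated session.
CLIENT_LEG_KEY, CLIENT_LEG_NONCE = b"client-leg-key", b"nonce-1"
SERVER_LEG_KEY, SERVER_LEG_NONCE = b"server-leg-key", b"nonce-2"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream (toy cipher, see module docstring)."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(a ^ b for a, b in zip(plaintext, ks))


# XOR with the same keystream undoes the encryption.
decrypt = encrypt


def inspect(payload: bytes) -> list:
    """Content inspection: names of the signatures found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]


def passthrough_ips(wire_bytes: bytes) -> list:
    """IPS in the path of a session that terminates elsewhere. It holds no key,
    so it can only run its signatures over the bytes as they appear on the
    wire. Ciphertext does not contain the plaintext patterns, so nothing
    matches, whatever the payload really carries."""
    return inspect(wire_bytes)


def terminating_ips(wire_bytes: bytes, in_key: bytes, in_nonce: bytes,
                    out_key: bytes, out_nonce: bytes):
    """IPS co-located with the device that terminates the encrypted session
    (e.g. an IPS module on the ASA/router that owns the tunnel). The endpoint
    decrypts the inbound leg, hands the cleartext to the IPS, and, if nothing
    matches, re-encrypts it for the outbound leg. Returns (hits, forwarded),
    where forwarded is None when the packet is dropped."""
    cleartext = decrypt(in_key, in_nonce, wire_bytes)
    hits = inspect(cleartext)
    if hits:
        return hits, None
    return hits, encrypt(out_key, out_nonce, cleartext)


def demo() -> dict:
    """Run both placements against the same malicious request."""
    on_the_wire = encrypt(CLIENT_LEG_KEY, CLIENT_LEG_NONCE, SAMPLE_REQUEST)
    hits, forwarded = terminating_ips(on_the_wire, CLIENT_LEG_KEY, CLIENT_LEG_NONCE,
                                      SERVER_LEG_KEY, SERVER_LEG_NONCE)
    return {
        "passthrough_hits": passthrough_ips(on_the_wire),
        "terminating_hits": hits,
        "forwarded": forwarded,
    }


if __name__ == "__main__":
    for placement, result in demo().items():
        print(f"{placement}: {result!r}")
```

The same logic holds for the other direction of the flow: the IPS only ever sees cleartext on the legs whose keys the host device holds, which is why an external IPS appliance sitting in front of a tunnel that terminates somewhere else cannot do content inspection on it.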
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In the syslog I also see...