Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS and GRE over IPSec Tunnel

I have Cisco IPS 4240 deployed in the infrastructure.

I have GRE over IPSec Tunnels accross many locations.I want to know if IPS can check for GRE Payload in case of packets flowing accross GRE over IPSec Tunnel. ( e.g. can I use signature id  1401/0- IPIP Encapsulation )

Problem faced:  user laptop was infected and it was locking the account of another user in another location to whom he used to communicate on GRE over IPSec Tunnel.

Everyone's tags (3)
1 REPLY

Re: IPS and GRE over IPSec Tunnel

As a workaround for now, we used a Service Account on the sensor to edit

the /usr/cids/idsRoot/etc/sensorApp.conf file, when done you must reboot the IPS in order to reflect the change, adding:

[Tunnel]

WantGRE=false

503
Views
0
Helpful
1
Replies