Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
1
Replies

IPS and GRE over IPSec Tunnel

nachiket.sathaye
Level 1
Level 1

‎03-03-2010 07:22 AM - edited ‎03-10-2019 04:54 AM

I have Cisco IPS 4240 deployed in the infrastructure.

I have GRE over IPSec Tunnels accross many locations.I want to know if IPS can check for GRE Payload in case of packets flowing accross GRE over IPSec Tunnel. ( e.g. can I use signature id  1401/0- IPIP Encapsulation )

Problem faced:  user laptop was infected and it was locking the account of another user in another location to whom he used to communicate on GRE over IPSec Tunnel.

Labels:
0 Helpful
1 Reply 1

rizwanr74
Level 7
Level 7

‎06-29-2010 07:46 AM

As a workaround for now, we used a Service Account on the sensor to edit

the /usr/cids/idsRoot/etc/sensorApp.conf file, when done you must reboot the IPS in order to reflect the change, adding:

[Tunnel]

WantGRE=false

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card