I have Cisco IPS 4240 deployed in the infrastructure.
I have GRE over IPSec Tunnels accross many locations.I want to know if IPS can check for GRE Payload in case of packets flowing accross GRE over IPSec Tunnel. ( e.g. can I use signature id 1401/0- IPIP Encapsulation )
Problem faced: user laptop was infected and it was locking the account of another user in another location to whom he used to communicate on GRE over IPSec Tunnel.