11-03-2009 09:29 AM - edited 03-09-2019 10:41 PM
Hello all, I have a question. I work at a hospital with about 500 PCs. A much larger hospital (40,000 PCs) wants me to set up a site-to-site VPN. My concern is this: that hospital got hit hard with the Conficker virus earlier in the year, and it took them a couple of weeks to get rid of it. What is the chance that a virus will propagate over the site-to-site VPN and infect my PCs? I'm sure they would want to do subnets instead of host ACLs. I have an ASA with the SSM module installed; will this inspect encrypted VPN traffic?
11-16-2009 01:37 AM
To start with your original question: will a virus propagate over an L2L?
Yes, it will (as a general rule).
What are the chances of this happening?
Basically it is a question that is impossible to answer without more information, but I would state that if that is the virus's method of spreading (networks), then I would say there is a very high probability that it would spread to your network too.
No, the SSM will not inspect encrypted VPN traffic (it is encrypted!).
However, if the VPN is terminated on the same device that the SSM is installed in, I am sure that it is possible to use the SSM to check the traffic that is coming from the other side of the VPN and also the traffic leaving for the other side.
There is nothing stating that you cannot do ACLs based on subnet; however, only open the things that really need to be open, and only between the hosts that need it.
If you follow that rule (anything else is just stupid) you will end up with a combination of both subnets and hosts in the access lists.
HTH
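As an added illustration of the answer above (this is example configuration written for this thread, not something posted by either participant, and every address, name and port in it is an assumption), here is one way to express "subnet-to-subnet tunnel, but host-and-port-level permission" on an ASA. The crypto ACL selects traffic at subnet granularity, a vpn-filter on the tunnel's group policy restricts what is actually allowed through, and a service policy hands the decrypted partner traffic to the AIP-SSM. The addresses use RFC 1918 and documentation ranges; the two application flows are invented placeholders for whatever the partner hospital actually needs.

```cisco
! --- Constructed addressing for this example ---
! Local hospital LAN:    10.10.0.0/16
! Partner hospital LAN:  10.200.0.0/16
! Partner VPN peer:      203.0.113.10 (documentation address)

! 1) Crypto ACL: decides which traffic enters the tunnel. Subnet-to-subnet
!    is fine here, because this ACL does not decide what is permitted.
access-list L2L_PARTNER_CRYPTO extended permit ip 10.10.0.0 255.255.0.0 10.200.0.0 255.255.0.0

! 2) VPN filter: what is actually allowed through the tunnel.
!    The ASA evaluates a vpn-filter with the REMOTE side as source and the
!    LOCAL side as destination, and applies it to both directions of a
!    session, so write the lines from the partner's point of view.
!    Only the two (assumed) application flows, host to host, nothing else.
access-list PARTNER_VPN_FILTER extended permit tcp host 10.200.5.20 host 10.10.40.15 eq 443
access-list PARTNER_VPN_FILTER extended permit tcp host 10.200.5.21 host 10.10.40.16 eq 2575
! SMB/RPC and everything else the partner does not need is dropped by the
! implicit deny, which is what stops a network-spreading worm such as
! Conficker from using the tunnel.

group-policy PARTNER_GP internal
group-policy PARTNER_GP attributes
 vpn-filter value PARTNER_VPN_FILTER

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy PARTNER_GP
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key PLACEHOLDER_PSK_REPLACE_ME

crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address L2L_PARTNER_CRYPTO
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside

! 3) Inspection: the SSM cannot see the ESP packets, but it can see the
!    cleartext once the ASA has decrypted it. Redirect both directions of
!    partner traffic to the module, inline, and fail closed so that a module
!    failure stops the partner traffic instead of letting it bypass inspection.
access-list IPS_PARTNER extended permit ip 10.200.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-list IPS_PARTNER extended permit ip 10.10.0.0 255.255.0.0 10.200.0.0 255.255.0.0
class-map PARTNER_TO_IPS
 match access-list IPS_PARTNER
policy-map global_policy
 class PARTNER_TO_IPS
  ips inline fail-close
```

Two things to check when adapting this: confirm that the vpn-filter actually hits by running `show vpn-sessiondb l2l` and counting hits on the filter ACL with `show access-list PARTNER_VPN_FILTER`, and remember that `sysopt connection permit-vpn` (on by default) exempts VPN traffic from the outside interface ACL, so without a vpn-filter the interface ACL is not protecting you from the partner network at all.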
11-16-2009 05:53 AM
Thanks HTH, I figured this to be true. I will take a look at the SSM to see the impact of filtering the traffic.
Paul