Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can CSIDS detect content/context attacks in ESP traffic?

A customer has sensors north of a VPN where all traffic is encrypted ESP traffic. Is this sensor able to detect attacks? I trying to determin if it would be better deployed south of VPN.

2 REPLIES
Bronze

Re: Can CSIDS detect content/context attacks in ESP traffic?

If by north you mean outside the VPN, then the sensor will not be able to inspect the traffic as its encrypted. If this is the case, putting the sensor behind the VPN would definitely make sense. This assumes you want to inspect the traffic traversing the VPN of course.

New Member

Re: Can CSIDS detect content/context attacks in ESP traffic?

Yes I do mean outside the VPN and the traffic is all encrypted. Thanks for confirming that the IDS is not doing anything with the ESP traffic.

118
Views
0
Helpful
2
Replies