Cisco Support Community
New Member

GRE tunnels and IDS sensor

In Cisco IDS Active Update Bulletin #7 issue 2 discusses VLAN decoding of the 802.1q format. The Sensor strips the VLAN header and passes the IP packet through the normal packet-processing channel allowing. Does this ability exist for GRE tunnels?

I am monitoring a link with many GRE tunnels and I am not getting any signature matches from those packets.

1 REPLY
Cisco Employee

Re: GRE tunnels and IDS sensor

The GRE Tunneling is adding another layer of encapsulation of the original IP Packet.

Currently the sensor is not built to unencapsulate the GRE Tunnel packets.

Also, many people will use IPsec along with the GRE tunnels.

In this case, even if the sensor is able to unencapsulate the GRE Tunnel packets it would still not be able to analyze the original packets because they would be encrypted.

Please contact the TAC to have them open an enhancement request in DDTS for the GRE Tunnel unencapsulation support in the sensor software: http://www.cisco.com/kobayashi/support/case_open.shtml

Until this enhancement has been fulfilled you will need to monitor the traffic before/after being routed through the GRE Tunnel.
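The reply's two points (GRE hides the original IP packet behind an extra header, and IPsec leaves nothing to inspect even after unwrapping) can be checked offline on captured packets. The sketch below is an added example, not part of the original thread and not Cisco sensor code; the function names and sample packets are constructed for illustration, and fragmentation is not handled.

```python
import struct

PROTO_TCP, PROTO_GRE, PROTO_ESP = 6, 47, 50   # IANA IP protocol numbers
ETHERTYPE_IPV4 = 0x0800

def ipv4(proto, payload, src=b"\xc0\x00\x02\x01", dst=b"\xc0\x00\x02\x02"):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + src + dst + payload

def gre(inner, key=None):
    """Wrap an IPv4 packet in a GRE header (RFC 2784, optional RFC 2890 key)."""
    opt = b"" if key is None else struct.pack("!I", key)
    return struct.pack("!HH", 0x2000 if opt else 0, ETHERTYPE_IPV4) + opt + inner

def split_ipv4(pkt):
    """Return (protocol, payload) of an IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or len(pkt) < total:
        return None
    return pkt[9], pkt[ihl:total]

def inspect(pkt, depth=0):
    """Unwrap GRE layers; return (verdict, innermost IPv4 packet or None)."""
    if depth > 4:                      # cap nesting so crafted input cannot recurse deeply
        return "unsupported", None
    parsed = split_ipv4(pkt)
    if parsed is None:
        return "malformed", None
    proto, payload = parsed
    if proto == PROTO_ESP:             # IPsec ESP: nothing for signatures to match
        return "encrypted", None
    if proto != PROTO_GRE:
        return "cleartext", pkt        # this is what the signature engine should see
    if len(payload) < 4:
        return "malformed", None
    flags, ptype = struct.unpack("!HH", payload[:4])
    # 0x4000 = deprecated RFC 1701 routing, 0x0007 = version (must be 0)
    if flags & 0x4007 or ptype != ETHERTYPE_IPV4:
        return "unsupported", None
    # C (0x8000), K (0x2000) and S (0x1000) each add one 4-byte optional field
    off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return inspect(payload[off:], depth + 1)
```

A sensor without this unwrapping step only sees outer protocol 47 and never reaches the inner TCP/UDP headers, which matches the missing signature matches described in the question.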
