Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN between server and router

I have had a request to setup an ipsec tunnel between a server and a router to prevent data compromise via sniffing. Is there any validity to this request? In a switching environment how could someone sniff unless they have access to the switch to setup a monitor session? This is for LAN traffic.

The only way they could sniff is if they had access to the wire correct?


Re: VPN between server and router

We are using the same for loggin to our syslog server (IP sec betweem Server and router - interesting traffic for IPSEC are syslog massages). I tried to sniff this traffic on switches and also directly on server - you can see only ESP header and rest of packet is crypted - so this sniff is for hacker irrelevant. if you use for IPSEC stroger alghorithm 3DES or AES for encryption is there no way how to decrypt packet . So final answer: If you implemt this technoglogy correctly its safe agains packet snnifer - it also recommnedation form Cisco - IPSEC is one of the packet sniffer mitigation



Rate helpful posts


Re: VPN between server and router

a technique named arp poisoning may be applied in conjunction with a sniffer software.

as the name suggested, the software will try to poison the arp in order to "force" the switch to forward the packet to it for packet capturing.

as mentioned from the previous post, ipsec vpn is one of the best techniques to safeguard sniffing.

CreatePlease to create content