
IDS on VPN-GW

From: <counter.spy(at)gmx.de>
Date: Fri Nov 29 2002 - 04:19:50 EST


Hi folks,
I have recently tested Snort on a VPN gateway that runs on Linux (just for testing purposes, no productive server).

This might be of use if the gateway connects to another gateway so that traffic on both the inside and outside interfaces is encrypted.

The VPN software inserts an IPsec layer beneath the normal IP stack and thus provides a new interface that you can sniff off, e.g. with tcpdump, just like sniffing on eth0 or another interface.

When sniffing on the logical interface of the VPN software, the IDS sees all original, unencrypted IP datagrams.

Of course this practice will impact server performance and does not scale well when load balancing over several machines.

Has anybody deployed such a configuration on a productive server?

I would like to know if such a configuration could be handled in real-life.

Any experiences, suggestions, ideas...?


Thanks,
counterspy
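The visibility difference the post describes, as an added example that is not part of the original message: a minimal Python parser run over two constructed packets, the cleartext datagram an IDS would see on the VPN's logical interface and the same datagram ESP-encapsulated as it appears on the outside interface. Addresses, the SPI and the XOR stand-in for encryption are constructed placeholders.

```python
import struct

ESP = 50  # IP protocol number for IPsec ESP
TCP = 6


def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left zero; constructed sample)."""
    total = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def inner_http_syn():
    """Cleartext datagram as seen on the VPN's logical interface: TCP SYN to port 80."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ipv4_header("10.1.0.5", "10.2.0.8", TCP, len(tcp)) + tcp


def outer_esp(inner):
    """Same datagram after tunnel-mode ESP, as seen on eth0: SPI, sequence, opaque body."""
    ciphertext = bytes(b ^ 0x5A for b in inner)  # stand-in for real encryption (constructed)
    esp = struct.pack("!II", 0x0000ABCD, 1) + ciphertext
    return ipv4_header("192.0.2.1", "198.51.100.1", ESP, len(esp)) + esp


def ids_view(pkt):
    """What a signature IDS can extract: L4 protocol and, only if visible, the ports."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    body = pkt[ihl:]
    if proto == TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": "TCP", "src": src, "dst": dst,
                "sport": sport, "dport": dport, "inspectable": True}
    if proto == ESP:
        # Only the SPI and sequence number are in the clear; payload is ciphertext
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": "ESP", "src": src, "dst": dst,
                "spi": spi, "seq": seq, "inspectable": False}
    return {"proto": proto, "src": src, "dst": dst, "inspectable": False}


if __name__ == "__main__":
    clear = inner_http_syn()
    print("logical VPN interface:", ids_view(clear))
    print("outside interface    :", ids_view(outer_esp(clear)))
```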

Received on Fri Nov 29 19:44:07 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT

