Turn off IPSEC on Site-to-Site VPN?

nb- Member Posts: 40
Hi

I'm making a presentation about Site-to-Site VPN between 2 Cisco ASA Firewalls for a school project. During the presentation I would like to show the difference between encrypted and unencrypted traffic. My plan is to have a VPN connection established between two ASA Firewalls (it has to be firewalls).
I would like to turn off IPSEC, set up Wireshark on a PC and send some ICMP traffic, and then show what the ICMP packages look like in plain text. Then turn on IPSEC and once again show what the package looks like when it's been encrypted.

But is it even possible to turn off IPSEC on a site-to-site connection on a Cisco ASA Firewall? I haven't been able to find any solution. If there is one, could you please tell me the easiest one so that it can be turned on/off with a matter of one command or so?

Comments

  • Kreken Member Posts: 284
    I would suggest replacing the ASAs with routers. To make your point, you can set up a GRE tunnel and then apply an IPsec profile to it.
  • NotHackingYou Member Posts: 1,460
    If you currently have tunnel mode you could show the completely encrypted traffic then switch to transport mode where the headers will be exposed.
    When you go the extra mile, there's no traffic.
  • mackenzae Member Posts: 77
    Kreken wrote: »
    I would suggest replacing the ASAs with routers. To make your point, you can set up a GRE tunnel and then apply an IPsec profile to it.


    This is probably the closest to what you described.

    You could also just show a packet capture between the two ASAs with just a routed link and then build the tunnel and pull another packet capture and show that the data is now encrypted, but there isn't like an on/off switch for IPSEC on a VPN tunnel - it's built into the technology.
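
What the two captures discussed in this thread differ in, as an added example that is not part of any poster's reply: Python code that parses raw IPv4 packets and reports what an on-path observer can read from a plain ping, the same ping inside GRE, and an ESP packet. The packets, addresses, SPI and payload bytes are constructed samples, and `ipv4` and `describe` are hypothetical helper names.

```python
import struct

ICMP, UDP, GRE, ESP = 1, 17, 47, 50  # IANA IP protocol numbers

def ipv4(proto, payload, src=(192, 0, 2, 1), dst=(198, 51, 100, 1)):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + bytes(src) + bytes(dst) + payload

def describe(pkt):
    """Summarise what an on-path observer can read from one raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto, body = pkt[9], pkt[ihl:]
    if proto == ICMP:                      # type, code, checksum, id, seq, then data
        return {"proto": "icmp", "type": body[0], "readable": body[8:]}
    if proto == ESP:                       # only SPI and sequence number are in clear
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": "esp", "spi": spi, "seq": seq, "opaque_bytes": len(body) - 8}
    if proto == UDP and 4500 in struct.unpack("!HH", body[:4]) and body[8:12] != b"\0" * 4:
        # NAT traversal: ESP carried in UDP/4500 (four zero bytes would mean IKE)
        spi, seq = struct.unpack("!II", body[8:16])
        return {"proto": "esp-in-udp", "spi": spi, "seq": seq, "opaque_bytes": len(body) - 16}
    if proto == GRE:
        flags, ethertype = struct.unpack("!HH", body[:4])
        if flags == 0 and ethertype == 0x0800:   # basic GRE header carrying IPv4
            return {"proto": "gre", "inner": describe(body[4:])}
        return {"proto": "gre", "inner": None}
    return {"proto": proto}

# Constructed samples. The ESP body is placeholder bytes standing in for ciphertext.
PING = ipv4(ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefghijklmnop")
GRE_PING = ipv4(GRE, struct.pack("!HH", 0, 0x0800) + PING)
ESP_PKT = ipv4(ESP, struct.pack("!II", 0x1234ABCD, 7) + bytes(40))

if __name__ == "__main__":
    for name, pkt in (("routed ping", PING), ("GRE, no IPsec", GRE_PING),
                      ("IPsec applied", ESP_PKT)):
        print(f"{name:14} {describe(pkt)}")
```

With GRE alone the inner ICMP data is still readable through the tunnel header; once ESP wraps the traffic, the capture shows only the outer addresses, the SPI and the sequence number.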