Turn off IPSEC on Site-to-Site VPN?
nb-
Member Posts: 40
Hi
I'm making a presentation about Site-to-Site VPN between 2 Cisco ASA Firewalls for a school project. During the presentation I would like to show the difference between encrypted and unencrypted traffic. My plan is to have a VPN connection established between two ASA Firewalls (it has to be firewalls).
I would like to turn off IPSEC, set up Wireshark on a PC, send some ICMP traffic, and then show what the ICMP packages look like in plain text. Then turn on IPSEC and once again show what the package looks like when it's been encrypted.
But is it even possible to turn off IPSEC on a site-to-site connection on a Cisco ASA Firewall? I haven't been able to find any solution. If there is one, could you please tell me the easiest one, so that it can be turned on/off with a matter of one command or so?
Comments
-
Kreken Member Posts: 284
I would suggest replacing the ASAs with routers. To make your point, you can set up a GRE tunnel and then apply an IPsec profile to it.
-
NotHackingYou Member Posts: 1,460
If you currently have tunnel mode, you could show the completely encrypted traffic, then switch to transport mode, where the headers will be exposed.
When you go the extra mile, there's no traffic.
-
mackenzae Member Posts: 77
"I would suggest to replace ASAs with the routers. To make your point, you can setup a GRE tunnel and then apply ipsec profile to it."
This is probably the closest to what you described.
You could also just show a packet capture between the two ASAs with just a routed link, and then build the tunnel and pull another packet capture and show that the data is now encrypted. But there isn't like an on/off switch for IPSEC on a VPN tunnel - it's built into the technology.
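
What the two captures discussed in this thread would reveal to an observer between the firewalls, as an added example that is not part of the original thread: a small IPv4 parser run over one plain ICMP echo request and one ESP packet. All addresses, the SPI and the payloads are constructed, and the ESP body is stand-in bytes rather than real ciphertext.

```python
import hashlib
import struct

def ipv4(proto, src, dst, payload):
    """Wrap payload in a minimal 20-byte IPv4 header (checksum left at 0)."""
    pack_addr = lambda a: bytes(int(octet) for octet in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, pack_addr(src), pack_addr(dst)) + payload

def describe(packet):
    """Return the fields a passive observer can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    body = packet[ihl:]
    seen = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20]))}
    if packet[9] == 1:       # ICMP: type, sequence and data are all readable
        icmp_type, _code, _csum, _ident, seq = struct.unpack("!BBHHH", body[:8])
        seen.update(kind="icmp", type=icmp_type, seq=seq, data=body[8:])
    elif packet[9] == 50:    # ESP: only SPI and sequence number are in the clear
        spi, seq = struct.unpack("!II", body[:8])
        seen.update(kind="esp", spi=spi, seq=seq, opaque_len=len(body) - 8)
    else:
        seen.update(kind="other")
    return seen

# Constructed sample 1: echo request between two inside hosts, no tunnel.
PING_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"
ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 7) + PING_DATA
CLEAR = ipv4(1, "10.0.1.10", "10.0.2.10", ECHO)

# Constructed sample 2: the same ping after the tunnel is up. In tunnel mode the
# outer addresses are the two firewalls; the body here is stand-in bytes, not
# real ciphertext.
STAND_IN = hashlib.sha256(b"constructed stand-in").digest() * 2
TUNNELED = ipv4(50, "192.0.2.1", "198.51.100.1",
                struct.pack("!II", 0x1000ABCD, 7) + STAND_IN)

if __name__ == "__main__":
    for name, pkt in (("routed link", CLEAR), ("IPsec tunnel", TUNNELED)):
        print(name, describe(pkt))
```

In the second packet the inside host addresses, the ICMP type and the ping data are no longer visible; only the firewall addresses, the SPI and the ESP sequence number remain readable.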