Q: Cisco Site to Site VPN

A new week, a new question. This one is a bit more generic and, I believe, raises a few dilemmas; feel free to take a shot at it:

Hi Experts,

Is it secure to just configure a Cisco IPSEC/GRE site-to-site tunnel without firewall/IPS/IDS? The argument here is that, although it is internet facing, there is only host-to-host routing between the routers and the default route goes to the tunnel. Am I right to say that it is technically secure since the router only routes traffic between the designated routers?

Thanks in advance.

Regards,
J. O.

One Comment:

  1. No, but don’t make me release this IOS shellcode package with a battery of working exploits for Metasploit in order to prove the point.

    Also see: MPLS PE routers and the work by Enno Rey.

    Also see: ike-scan, ikeprobe.

    Also see: OSVDB.org
