Q: Cisco Site to Site VPN
April 30th, 2008 by expert, Filed under: Ask the Expert
New week, new question. This one is a bit more generic and, I believe, raises a few dilemmas. Feel free to take a shot at it:
Hi Experts,
Is it secure to just configure a Cisco IPSEC/GRE site-to-site tunnel without firewall/IPS/IDS? The argument here is that although it is internet facing, there is only host-to-host routing between the routers and the default route goes to the tunnel. Am I right to say that it is technically secure since the router only routes traffic between the designated routers?
Thanks in advance.
Regards,
J. O.




No, but don’t make me release this IOS shellcode package with a battery of working exploits for Metasploit in order to prove the point.
Also see: MPLS PE routers and the work by Enno Rey.
Also see: ike-scan, ikeprobe.
Also see: OSVDB.org