Actually for the ISG platform, you may not even be able to see the encrypted traffic itself as this is handled in hardware. You will not be able to see even in the debugs.
****pls click the button " Accept as Solution" if my post helped to solve your problem****
If the encrypted traffic is terminated on the ISG-2000, you can disable the security device from creating a hardware session for a specific traffic via CLI "set no-hw-sess" under policy for troubleshooting purposes. This is supported since ScreenOS 6.1
In addition to that, you can use flow and snoop filters on tunnel traffic since ScreenOS 6.2
Thanks fot your answer Cesar. Of course you can't decrypt the traffic when it's transit. I just wanted to make sure I didn't have it wrong on the debug feature on ISG's. Thanks again.
best regards,
Screenie. Juniper Ambassador, JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI
If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
)
)
