Gateway configuration at the remote VPN end-point is not a mirror of the local gateway

From Infrastructure Router Security Technical Implementation Guide Juniper

Part of Remote VPN end-point not a mirror of local gateway

SV-19063r1_rule Gateway configuration at the remote VPN end-point is not a mirror of the local gateway

Vulnerability discussion

The IPSec tunnel end points may be configured on the OOBM gateway routers connecting the managed network and the NOC. They may also be configured on a firewall or VPN concentrator located behind the gateway router. In either case, the crypto access-list used to identify the traffic to be protected must be a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer.

Check content

Verify that the configuration at the remote VPN end-point mirrors the configuration reviewed for the local end-point.
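One way to carry out this comparison, as an added example that is not part of the STIG or any vendor tooling: it checks that every source/destination pair on one end-point appears with the addresses swapped on the other. The input format (one `source-prefix destination-prefix` per line, transcribed by the reviewer from each device), the function names and the sample addresses are assumptions, and only addresses are compared, as the rule describes.

```python
import ipaddress

# Constructed sample selectors, not taken from any real device.
LOCAL = """
10.10.0.0/24 192.0.2.0/24
10.10.1.0/24 192.0.2.0/24
"""
REMOTE = """
192.0.2.0/24 10.10.0.0/24
192.0.2.0/24 10.10.0.0/16   # wider than the local entry, so not a mirror
"""

def parse_selectors(text):
    """Parse '<source-prefix> <destination-prefix>' lines into a set of network pairs."""
    pairs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst = line.split()
        # ip_network() rejects prefixes with host bits set (e.g. 10.1.1.1/24),
        # which surfaces sloppy entries instead of silently normalising them.
        pairs.add((ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return pairs

def mirror_mismatches(local, remote):
    """Return (local_unmatched, remote_unmatched): entries lacking a swapped twin on the peer."""
    def order(pair):
        return (str(pair[0]), str(pair[1]))
    expected_remote = {(dst, src) for src, dst in local}
    local_unmatched = sorted((p for p in local if (p[1], p[0]) not in remote), key=order)
    remote_unmatched = sorted(remote - expected_remote, key=order)
    return local_unmatched, remote_unmatched

if __name__ == "__main__":
    missing_on_remote, extra_on_remote = mirror_mismatches(
        parse_selectors(LOCAL), parse_selectors(REMOTE))
    for src, dst in missing_on_remote:
        print(f"FINDING: local {src} -> {dst} has no mirror on the remote peer")
    for src, dst in extra_on_remote:
        print(f"FINDING: remote {src} -> {dst} has no mirror on the local gateway")
    if not (missing_on_remote or extra_on_remote):
        print("Selectors are mirrored")
```

Matching is exact on prefix length: a remote entry that merely overlaps or contains the local one is reported, since the rule requires a mirror rather than a superset.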

Fix text

Configure the crypto access-list used to identify the traffic to be protected so that it is a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer.
