Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17814 | NET1808 | SV-19063r1_rule | | Medium |
Description |
---|
The IPSec tunnel end points may be configured on the OOBM gateway routers connecting the managed network and the NOC. They may also be configured on a firewall or VPN concentrator located behind the gateway router. In either case, the crypto access-list used to identify the traffic to be protected must be a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer. |
STIG | Date |
---|---|
Firewall Security Technical Implementation Guide - Cisco | 2017-12-07 |
Check Text ( C-19020r1_chk ) |
---|
Verify that the configuration at the remote VPN end-point is a mirror of the configuration reviewed for the local end-point. |
Fix Text (F-17724r1_fix) |
---|
Configure the crypto access-list used to identify the traffic to be protected so that it is a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer. |
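
One way to automate the mirror check described above, as an added example that is not part of the STIG or of any Cisco tooling: it parses the crypto access-list from each peer's saved configuration and reports entries that have no source/destination-swapped counterpart on the other side. The ACL names `OOBM-VPN` and `NOC-VPN`, the addresses, and the ASA-style netmask syntax of the sample are assumptions; entries with port operators or object-groups are rejected rather than guessed at.

```python
import ipaddress

# Constructed sample configs (ASA-style netmask syntax); names and addresses are made up.
LOCAL_CFG = """
access-list OOBM-VPN extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list OOBM-VPN extended permit ip host 10.1.9.5 10.2.3.0 255.255.255.0
"""
REMOTE_CFG = """
access-list NOC-VPN remark traffic back to the managed network
access-list NOC-VPN extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NOC-VPN extended permit ip 10.2.3.0 255.255.255.0 10.1.9.0 255.255.255.0
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | A MASK) and return it as a network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_crypto_acl(config, acl_name):
    """Return the set of (action, protocol, src, dst) entries of one ACL."""
    entries = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", acl_name] or "remark" in tokens[2:3]:
            continue
        tokens = tokens[3:] if tokens[2:3] == ["extended"] else tokens[2:]
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        if tokens:  # port operators, object-groups etc. are outside this example
            raise ValueError(f"unsupported ACL syntax: {line.strip()}")
        entries.add((action, proto, src, dst))
    return entries

def _unmatched(mine, theirs):
    """Entries in `mine` with no source/destination-swapped twin in `theirs`."""
    return {e for e in mine if (e[0], e[1], e[3], e[2]) not in theirs}

def mirror_mismatches(local, remote):
    """Empty sets on both sides mean the two crypto ACLs are exact mirrors."""
    return {"local_only": _unmatched(local, remote),
            "remote_only": _unmatched(remote, local)}

if __name__ == "__main__":
    print(mirror_mismatches(parse_crypto_acl(LOCAL_CFG, "OOBM-VPN"),
                            parse_crypto_acl(REMOTE_CFG, "NOC-VPN")))
```

In the sample, the local peer protects a single host (10.1.9.5) while the remote peer lists the whole 10.1.9.0/24 subnet, so that pair is reported on both sides even though the two entries overlap.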