UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Gateway configuration at the remote VPN end-point is a not a mirror of the local gateway


Overview

Finding ID Version Rule ID IA Controls Severity
V-17814 NET1808 SV-19063r1_rule Medium
Description
The IPSec tunnel end points may be configured on the OOBM gateway routers connecting the managed network and the NOC. They may also be configured on a firewall or VPN concentrator located behind the gateway router. In either case, the crypto access-list used to identify the traffic to be protected must be a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer.
STIG Date
Firewall Security Technical Implementation Guide - Cisco 2017-12-07

Details

Check Text ( C-19020r1_chk )
Verify the configuration at the remote VPN end-point is a mirror configuration as that reviewed for the local end-point.
Fix Text (F-17724r1_fix)
Configure he crypto access-list used to identify the traffic to be protected so that it is a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer.