Check: NET1808
Network - Firewall:
NET1808
(in versions v8 r25 through v8 r21)
Title
Gateway configuration at the remote VPN end-point is not a mirror of the local gateway (Cat II impact)
Discussion
The IPSec tunnel end points may be configured on the OOBM gateway routers connecting the managed network and the NOC. They may also be configured on a firewall or VPN concentrator located behind the gateway router. In either case, the crypto access-list used to identify the traffic to be protected must be a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer.
Check Content
Verify the configuration at the remote VPN end-point is a mirror of the configuration reviewed for the local end-point.
Fix Text
Configure the crypto access-list used to identify the traffic to be protected so that it is a mirror (both IP source and destination address) of the crypto access list configured at the remote VPN peer.
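One way to automate the mirror comparison described above, as an added example that is not part of the STIG text. It assumes Cisco IOS-style extended ACL entries (`permit ip <src> <wildcard> <dst> <wildcard>`, with `host` and `any`); the ACL name, the addresses and the function names are constructed for illustration, and port qualifiers and entry order are not compared.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (base_int, wildcard_int)."""
    head = tokens.pop(0)
    if head == "any":
        return (0, FULL)
    if head == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    wc = int(ipaddress.IPv4Address(tokens.pop(0)))
    # Mask off wildcard bits so 10.1.9.9 0.0.0.255 equals 10.1.9.0 0.0.0.255
    return (int(ipaddress.IPv4Address(head)) & ~wc & FULL, wc)

def parse_crypto_acl(text):
    """Return the set of (action, protocol, src, dst) entries in an ACL body."""
    entries = set()
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].isdigit():
            tokens.pop(0)  # drop an ACL sequence number if present
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # skip the ACL header, remarks and blank lines
        rest = tokens[2:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.add((tokens[0], tokens[1], src, dst))
    return entries

def mirror_mismatches(local_text, remote_text):
    """Swap source/destination of every local entry and diff against the remote ACL."""
    expected = {(a, p, d, s) for a, p, s, d in parse_crypto_acl(local_text)}
    remote = parse_crypto_acl(remote_text)
    return {"missing_on_remote": expected - remote,
            "extra_on_remote": remote - expected}

# Constructed sample configurations (not taken from any real device)
LOCAL = """ip access-list extended OOBM-CRYPTO
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
 permit ip host 10.1.9.9 192.168.50.0 0.0.0.255"""
REMOTE_OK = """ip access-list extended OOBM-CRYPTO
 10 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 20 permit ip 192.168.50.0 0.0.0.255 10.1.9.9 0.0.0.0"""
REMOTE_BAD = REMOTE_OK.replace("10.1.9.9 0.0.0.0", "10.1.9.0 0.0.0.255")

if __name__ == "__main__":
    print(mirror_mismatches(LOCAL, REMOTE_OK))
    print(mirror_mismatches(LOCAL, REMOTE_BAD))
```

Any non-empty `missing_on_remote` or `extra_on_remote` set is a finding for this check: the two peers would select different traffic for protection.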
Additional Identifiers
Rule ID:
Vulnerability ID: V-17814
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |