
Tunnel Initiation from Foreign Host

What are the criteria for a Site-to-Site VPN to be established? I thought that if encrypted packets are received from a "peer", the PIX decrypts the packets and checks whether the traffic inside matches the crypto access-list?

If this is true: is it necessary to have a "mirrored" entry in the local crypto access: "permit ip theirhost myhost", or will a "permit ip myhost theirhost" be automatically mirrored for incoming traffic (no SA established!)?

Best regards!

Sebastian Koerner

1 REPLY

Hi,

There is no need to have a mirrored entry in the crypto ACL.

The "permit ip myhost theirhost" statement will also take care of the reverse traffic.

Regards,

Shijo George.
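
The behaviour described in the reply above, as a simplified Python model (an added example, not part of the original thread and not PIX code): a single crypto ACL entry is evaluated as written for outbound traffic and with source and destination swapped for decrypted inbound traffic. The addresses, class and function names are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple


class CryptoAclEntry(NamedTuple):
    """One 'permit ip <src> <dst>' line, written from the local device's view."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def permit_ip(src: str, dst: str) -> CryptoAclEntry:
    return CryptoAclEntry(ipaddress.ip_network(src), ipaddress.ip_network(dst))


def _hit(entry: CryptoAclEntry, src: str, dst: str) -> bool:
    return (ipaddress.ip_address(src) in entry.src
            and ipaddress.ip_address(dst) in entry.dst)


def outbound_is_protected(acl: List[CryptoAclEntry], src: str, dst: str) -> bool:
    """Outbound: the entry is matched exactly as configured."""
    return any(_hit(e, src, dst) for e in acl)


def inbound_is_accepted(acl: List[CryptoAclEntry], src: str, dst: str) -> bool:
    """Decrypted inbound: the same entries are matched in reverse,
    so the packet's source is compared with the entry's destination."""
    return any(_hit(e, dst, src) for e in acl)


# Constructed sample values (documentation address ranges).
MYHOST = "192.0.2.10"
THEIRHOST = "198.51.100.20"
OTHER = "198.51.100.99"

# Only the one-directional entry from the thread: permit ip myhost theirhost
ACL = [permit_ip(MYHOST + "/32", THEIRHOST + "/32")]

if __name__ == "__main__":
    print("myhost -> theirhost protected:", outbound_is_protected(ACL, MYHOST, THEIRHOST))
    print("theirhost -> myhost accepted: ", inbound_is_accepted(ACL, THEIRHOST, MYHOST))
    print("other -> myhost accepted:     ", inbound_is_accepted(ACL, OTHER, MYHOST))
```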