
Hardening Interface used for VPN

GRANT3779
Spotlight

Are there "must do's" on outside interfaces used for Site to Site VPNs? There is no NAT used on the interfaces. Looking for advice on what I should be applying to the interface in terms of ACL. At the moment, the only thing I have applied is to allow my "Interesting" traffic through the VPN. Should I be limiting incoming traffic etc.? New to VPN setup and don't want to leave the network wide open.

Any advice is appreciated.

Thanks


Julio Carvajal
VIP Alumni

> There is no NAT used on the interfaces

It can be NAT on that interface, no issue at all.

> Are there "must do's" on outside interfaces used for Site to Site VPNs?

You could allow only ISAKMP and IPSec traffic from valid trusted IP addresses and the regular checks, nothing different from the usual.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
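
An inbound ACL of the kind the reply describes, shown here as an added example that is not part of the original thread. It assumes a Cisco IOS router; the interface name, ACL name and both addresses (documentation ranges) are constructed placeholders.

```cisco
! Assumed values (not from the thread):
!   outside interface : GigabitEthernet0/0
!   local outside IP  : 198.51.100.2
!   trusted VPN peer  : 203.0.113.10
!
ip access-list extended OUTSIDE-IN
 remark IKE (ISAKMP, UDP 500) from the trusted peer only
 permit udp host 203.0.113.10 host 198.51.100.2 eq isakmp
 remark NAT-T (UDP 4500), needed only if a NAT device sits between the peers
 permit udp host 203.0.113.10 host 198.51.100.2 eq non500-isakmp
 remark IPsec ESP (IP protocol 50) from the trusted peer only
 permit esp host 203.0.113.10 host 198.51.100.2
 remark Add entries for anything else that must reach this interface
 remark (management, routing protocols) above the final deny
 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
```

On an ASA, interface ACLs do not filter traffic addressed to the firewall itself, so the equivalent restriction on IKE and ESP would need a control-plane access-group rather than this interface ACL.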