Hi all,
I have a question about ipsec rules for vpn configurations.
Generally I configure ipsec tunnels with this ipsec rule:
local lan x.x.x.x 255.255.0.0
remote lan y.y.y.y 255.255.0.0
local peer A.A.A.A
remote peer B.B.B.B
ipsec rule= access-list outside_51_cryptomap extended permit ip x.x.x.x 255.255.0.0 y.y.y.y 255.255.0.0
Recently one of our customers wants to add 2 other rules:
access-list outside_51_cryptomap extended deny ip A.A.A.A 255.255.255.255 B.B.B.B 255.255.255.255
access-list outside_51_cryptomap extended permit ip x.x.x.x 255.255.0.0 B.B.B.B 255.255.255.255
Does anyone have any idea about the reason?
They told me there are security reasons. Is it correct?