You'll need to create a firewall rule allowing inbound access on the firewall protecting the destination environment. You should definitely create a point-to-point rule that limits inbound access to the source IP address of the other tunnel endpoint; regardless, this rule still allows some extra degree of inbound access. When you have the choice of adding complexity to a less sensitive or more sensitive environment, you should opt to add it to the less sensitive environment.
Remember that complexity is the enemy of security: it makes verification of security controls more difficult and increases the likelihood of a configuration error. Adding the inbound rule to the less secure environment increases the complexity of that environment rather than the more secure one.
Dig deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.