You'll need to create a firewall rule allowing inbound access on the firewall protecting the destination environment. You should definitely create a point-to-point rule that limits inbound access to the source IP address of the other tunnel endpoint; regardless, this rule still allows some extra degree of inbound access. When you have the choice of adding complexity to a less sensitive or more sensitive environment, you should opt to add it to the less sensitive environment.
Remember that complexity is the enemy of security: it makes verification of security controls more difficult and increases the likelihood of a configuration error. Adding the inbound rule to the less secure environment increases the complexity of that environment rather than the more secure one.
Dig Deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.