I have a question regarding policy NAT set up in our firewalls.
We currently have numerous VPN tunnels set up, with some being configured to some outside sources set up with a policy NAT similar to this:
crypto map pub 30 ipsec-isakmp
crypto map pub 30 match address policy
crypto map pub 30 set peer 18.104.22.168
crypto map pub 30 set transform-set 3dessha
static (inside,outside) 10.9.6.1 access-list policy_translation 0 0
access-list policy_translation permit ip host 10.1.15.1 host 10.7.15.3
access-list policy permit ip 10.9.6.0 255.255.255.248 host 10.7.15.3
My question is, is this usually set up this way for added security?
It looks as though the tunnels configured this way are mostly for connections from outside networks.
Why go through this process?
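
As an added illustration that is not part of the original post, the following Python model evaluates the posted lines against constructed packets to show which traffic the tunnel selects and with what source address. It assumes the firewall applies the static policy NAT before matching the crypto map ACL on outbound traffic; the function names are hypothetical.

```python
import ipaddress

# Configuration lines copied from the post (only the ones this model needs).
CONFIG = """\
crypto map pub 30 match address policy
static (inside,outside) 10.9.6.1 access-list policy_translation 0 0
access-list policy_translation permit ip host 10.1.15.1 host 10.7.15.3
access-list policy permit ip 10.9.6.0 255.255.255.248 host 10.7.15.3
"""

def _take_net(tok):
    """Consume 'host A' or 'A MASK' from the front of a token list."""
    if tok[0] == "host":
        net = ipaddress.ip_network(tok[1] + "/32")
    else:
        net = ipaddress.ip_network(f"{tok[0]}/{tok[1]}")
    del tok[:2]
    return net

def parse(config):
    """Return (acls by name, static policy NAT rules, crypto ACL name)."""
    acls, statics, crypto_acl = {}, [], None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            rest = t[4:]
            acls.setdefault(t[1], []).append((_take_net(rest), _take_net(rest)))
        elif t[:1] == ["static"] and t[3] == "access-list":
            statics.append((ipaddress.ip_address(t[2]), t[4]))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto_acl = t[6]
    return acls, statics, crypto_acl

def matches(acl, src, dst):
    return any(src in s and dst in d for s, d in acl)

def outbound(config, src, dst):
    """Return (source address after NAT, True if the crypto ACL selects it)."""
    acls, statics, crypto_acl = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for mapped, acl_name in statics:
        if matches(acls[acl_name], src, dst):
            src = mapped  # translated only for this source/destination pair
            break
    return str(src), matches(acls[crypto_acl], src, dst)

if __name__ == "__main__":
    # Constructed test packets: (inside source, remote destination).
    for s, d in [("10.1.15.1", "10.7.15.3"), ("10.1.15.1", "10.7.15.4"),
                 ("10.1.15.2", "10.7.15.3")]:
        print(s, "->", d, outbound(CONFIG, s, d))
```

Only the first constructed packet is translated to 10.9.6.1 and selected for the tunnel; the other two keep their real source and do not match the crypto ACL.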