Hi, I have ASA-5200 in US and India end. I have to create IPSEC peer-2-peer tunnel between them.
US peer address is 22.214.171.124 & network is 10.0.0.0/24. INDIA peer address is 126.96.36.199 & network is 188.8.131.52/24.
I have already permitted the interesting traffic in ACL and binded with Crypto ACL. I have configured no NAT also.
My questions are-
1. Should I permit IPSEC on physical OUTSIDE interface on both side to allow peer address for Tunnnel Phase-1 & 2?
2. Should I configured any ACL on outside interface to accept the reply connection. Like if US network 10.0.0.0/24 is sending traffic on citrix port to 184.108.40.206/24. Should I open ACL on US Outside interface to allow reply from 220.127.116.11/24?
Please help and cash my best wishes.