This is a very basic configuration example for a site-to-site IPSec VPN. You should understand what the parameters mean, before you set it up for production.
Lately I stumbled upon a Cisco 877 security hardening guide. The suggestion is to block (via source IP) private, reserved and unallocated IP ranges. I will explain why this is a bad idea and how to properly block malicious traffic.
In this post I will talk about ICMP unreachables, the security concerns about them and why you shouldn’t disable it on your routing boxes.