Stopping connections on IKE/500 except from remote S2S IP
Cyberinsurance provider does routine port scans against WAN IPs associated with the hosts in the external DMZ zone. They are now complaining that IKE/500 on the TZ is open to the Internet. We have a S2S IPSec VPN to a remote site, so no choice that I know of except to keep 500 open.
I modified the auto-added inbound IKE rule to allow connections only when the source is the remote site's WAN subnet.
Requested another scan from cyberinsurance. They say the port's still open.
I've asked for clarification of their requirements. But meantime, is there anything else I'd need to do to keep IKE/500 from being abused by the bad guys other than restrict connections from the remote WAN subnet?
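Added example (not from the original post or from any vendor's configuration format): a small first-match policy evaluator that models the change described above, an inbound IKE rule pinned to the remote site's WAN subnet, and a check that flags any remaining allow rule for IKE that is still open to any source. All rule names, subnets and addresses are constructed for illustration; the model also covers UDP/4500 (IKE NAT-T) as an added defender's check, which the thread itself does not mention.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed, hypothetical rule model; not the firewall's real configuration schema.
@dataclass(frozen=True)
class Rule:
    name: str
    source: str      # CIDR such as "203.0.113.0/29", or "any"
    proto: str       # "udp" or "tcp"
    dport: int
    action: str      # "allow" or "deny"

IKE_PORTS = (500, 4500)   # IKE and IKE NAT-T (4500 added here as an assumption)

def rule_matches(rule: Rule, src_ip: str, proto: str, dport: int) -> bool:
    """True if the packet's protocol, port and source fall inside this rule."""
    if rule.proto != proto or rule.dport != dport:
        return False
    if rule.source == "any":
        return True
    return ip_address(src_ip) in ip_network(rule.source, strict=False)

def evaluate(rules, src_ip: str, proto: str, dport: int, default: str = "deny"):
    """First-match evaluation of an inbound (WAN -> firewall) rule list.
    Returns (action, rule_name); unmatched traffic gets the implicit default."""
    for rule in rules:
        if rule_matches(rule, src_ip, proto, dport):
            return rule.action, rule.name
    return default, "implicit default"

def overly_broad_ike_rules(rules):
    """Names of allow rules for IKE ports whose source is not pinned to a network."""
    broad = []
    for rule in rules:
        if rule.action != "allow" or rule.proto != "udp" or rule.dport not in IKE_PORTS:
            continue
        if rule.source == "any" or ip_network(rule.source, strict=False).prefixlen == 0:
            broad.append(rule.name)
    return broad

def restrict_to_peer(rule: Rule, peer_subnet: str) -> Rule:
    """The edit made in the thread: keep the rule, narrow its source to the S2S peer."""
    ip_network(peer_subnet, strict=False)   # raises ValueError on a malformed subnet
    return replace(rule, source=peer_subnet)

# Constructed sample data (documentation ranges, not real sites).
REMOTE_S2S_WAN = "203.0.113.0/29"     # remote site's WAN subnet
SCANNER_IP = "198.51.100.77"          # an arbitrary Internet host
PEER_IP = "203.0.113.5"               # the remote VPN gateway

# The auto-created rule as it looked before the change: open to any source.
BEFORE = [Rule("IKE (auto-added)", "any", "udp", 500, "allow")]
# After restricting the same rule to the peer subnet.
AFTER = [restrict_to_peer(BEFORE[0], REMOTE_S2S_WAN)]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "scanner ->", evaluate(rules, SCANNER_IP, "udp", 500))
        print(label, "peer    ->", evaluate(rules, PEER_IP, "udp", 500))
        print(label, "broad IKE rules:", overly_broad_ike_rules(rules))
```

The `overly_broad_ike_rules` check is the part worth keeping around: a restricted rule only helps if it is the sole allow rule for those ports, so any later auto-created or duplicate rule with an "any" source silently reopens IKE to the Internet.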
@MustafaA, thanks! The auto-created inbound IKE rule is the only inbound IKE rule.
And, yes, I'd think that would be all that would be needed, too.
When the cyberinsurance carrier gets back to me with specific findings and requirements, I'll post here if I can't figure out how to meet them. Unfortunately, my past experience with them is that there will be no way to meet them. But we'll see.