Stopping connections on IKE/500 except from remote S2S IP
Cyberinsurance provider does routine port scans against WAN IPs associated with the hosts in the external DMZ zone. They are now complaining that IKE/500 on the TZ is open to the Internet. We have a S2S IPSec VPN to a remote site, so no choice that I know of except to keep 500 open.
I modified the auto-added inbound IKE rule to allow connections only when the source is the remote site's WAN subnet.
Requested another scan from cyberinsurance. They say the port's still open.
I've asked for clarification of their requirements. But meantime, is there anything else I'd need to do to keep IKE/500 from being abused by the bad guys other than restrict connections from the remote WAN subnet?
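One reason a scan can still show UDP/500 open after the source restriction is a second, broader allow rule (for example the original auto-added one) still matching ahead of or below the edited rule. The following is an added audit example, not code from the original post or from any firewall vendor: it walks a constructed, top-down rule list and flags any rule that allows UDP/500 from sources outside the remote site's WAN subnet. The rule format and the subnets are assumptions.

```python
# Added example (not from the original post): audit a constructed list of
# inbound WAN rules so that UDP/500 (IKE) is only allowed from the remote
# site's WAN subnet. Rule fields and all addresses here are assumptions.
import ipaddress

# Constructed sample rule set, in the order the firewall evaluates them.
# The second entry models an auto-added "any source" IKE rule left in place.
RULES = [
    {"name": "IKE from remote S2S", "proto": "udp", "dport": 500,
     "src": "203.0.113.0/29", "action": "allow"},
    {"name": "Auto-added IKE", "proto": "udp", "dport": 500,
     "src": "0.0.0.0/0", "action": "allow"},
]


def first_match(rules, src_ip, proto, dport):
    """Return the first rule matching the packet (top-down, first match wins)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if (rule["proto"] == proto and rule["dport"] == dport
                and ip in ipaddress.ip_network(rule["src"])):
            return rule
    return None  # no explicit rule; treat as the implicit deny


def is_allowed(rules, src_ip, proto="udp", dport=500):
    """True if a packet from src_ip to proto/dport would be accepted."""
    match = first_match(rules, src_ip, proto, dport)
    return match is not None and match["action"] == "allow"


def find_overbroad_ike_rules(rules, allowed_subnet):
    """Names of allow rules for UDP/500 whose source is not inside allowed_subnet."""
    allowed = ipaddress.ip_network(allowed_subnet)
    overbroad = []
    for rule in rules:
        if rule["proto"] == "udp" and rule["dport"] == 500 and rule["action"] == "allow":
            if not ipaddress.ip_network(rule["src"]).subnet_of(allowed):
                overbroad.append(rule["name"])
    return overbroad


if __name__ == "__main__":
    print("scanner 198.51.100.7 allowed:", is_allowed(RULES, "198.51.100.7"))
    print("overbroad IKE rules:", find_overbroad_ike_rules(RULES, "203.0.113.0/29"))
```

Run against the rule set exported from the firewall, an empty result from `find_overbroad_ike_rules` is the condition to confirm before requesting a rescan.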