Hello, we’ve had an external PCI compliance scan done on our network. It brought up UDP port 500 being in an open state and visible from external networks. We don’t have any active SSL VPNs besides a site-to-site tunnel going to one of our other branches.
Is there any way to configure a rule to block all external access to port 500 while keeping the communications intact for the site-to-site tunnel? Our end goal is to ensure that the tunnel is not visible from the outside. We've attempted to create a black hole IP address for port 500, however this caused a conflict with our existing tunnel and we had to deactivate it.
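One way to get the behaviour asked for above, as an added example that is not from the original thread or any vendor: accept IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) only from the remote gateway's address, and drop the same traffic from every other source. The peer address 203.0.113.10 and the WAN interface eth0 are assumed placeholders; the script emits an nftables ruleset and only applies it when run as root with APPLY=1. The point the question's "black hole" attempt missed is ordering: the per-peer accept must come before the catch-all drop, or the drop swallows the tunnel's own negotiation.

```sh
#!/bin/sh
# Added example, not from the original post. Restricts IPsec to one known peer.
# Assumed values: PEER is the remote site-to-site gateway, WAN the outside NIC.
PEER="${PEER:-203.0.113.10}"
WAN="${WAN:-eth0}"

# Emit an nftables table that only concerns itself with IPsec traffic; other
# ports are left to whatever rules already exist (hence "policy accept").
# Order matters: the peer-specific accept lines precede the catch-all drops.
gen_ruleset() {
    peer="$1"; wan="$2"
    cat <<EOF
table inet vpn_edge {
    chain input {
        type filter hook input priority 0; policy accept;

        # IKE, NAT-T and ESP from the known peer only.
        iifname "$wan" ip saddr $peer udp dport { 500, 4500 } accept
        iifname "$wan" ip saddr $peer ip protocol esp accept

        # Everyone else: drop (not reject) so scanners get no answer at all.
        iifname "$wan" udp dport { 500, 4500 } drop
        iifname "$wan" ip protocol esp drop
    }
}
EOF
}

# Sanity check that reproduces the mistake from the question: returns 0 only if
# the peer accept for UDP 500 appears before the catch-all UDP 500 drop.
accept_precedes_drop() {
    rules=$(gen_ruleset "$1" "$2")
    a=$(printf '%s\n' "$rules" | grep -nF "ip saddr $1 udp dport" | cut -d: -f1)
    d=$(printf '%s\n' "$rules" | grep -nF "iifname \"$2\" udp dport" | cut -d: -f1)
    [ -n "$a" ] && [ -n "$d" ] && [ "$a" -lt "$d" ]
}

# Syntax-check with nft (parse only, nothing applied) and load on APPLY=1.
load_ruleset() {
    tmp=$(mktemp) || return 1
    gen_ruleset "$PEER" "$WAN" > "$tmp"
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$tmp" || { rm -f "$tmp"; return 1; }
        if [ "${APPLY:-0}" = 1 ]; then nft -f "$tmp"; fi
    else
        cat "$tmp"
    fi
    rm -f "$tmp"
}

if [ "${APPLY:-0}" = 1 ]; then
    load_ruleset
else
    gen_ruleset "$PEER" "$WAN"
fi
```

Two caveats a practitioner would check first: this pins the peer's public address, so it breaks if the remote gateway is on a dynamic IP or behind NAT (in that case restrict to the remote ISP's range, or leave 4500 open and rely on IKE authentication). And a plain UDP port scan cannot tell "dropped" from "open"; what changes after this rule is that the IKE daemon no longer answers the scanner's probes, which is what made the port show up as open.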