Hi everyone, Just wondering if I could tackle this vuln using an ACL allowing only IKE1/2 traffic for selected VPN peers. Would that block any UDP crafted packets from getting through the ASA ipsec engine? Awaiting your comments, Theo.