I am looking for a guide on how to harden my VPN router. Specifically, I am looking for what ACL rules I should be applying on my publicly exposed interface to ensure only L2L and RA VPNs can establish.
Should I only enable the following ports and deny everything else?
- IP Protocol Type=UDP, UDP Port Number=500
- IP Protocol Type=UDP, UDP Port Number=4500
- IP Protocol Type=ESP (value 50)
Any assistance is appreciated.