Close UDP port 500 and only allow IPsec peer

mmzzaq
Level 1

I was finishing up an ASA 5506-X config and, just to make sure everything was set up correctly and safe, I did a port scan of the ASA's WAN port from a computer on the internet. I noticed UDP port 500 was open, and I figure it's needed for our LAN-to-LAN VPN tunnel between the ASA and a firewall at a remote location.

Is it possible to close this port with a firewall rule so it's only accessible by the firewall at the remote location? Something like this (incoming):

allow udp 500 from <remote location ip>
deny udp 500 from any

(The syntax isn't right, but I'm not asking about that, just wondering about the general concept.)

Thanks in advance

2 Replies

Hi,

Perhaps you could consider a control-plane ACL, this is used to restrict access to the ASA. Example here.
HTH
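As an added illustration of the control-plane ACL suggested above (not configuration from the original thread), here is the shape such an ACL takes on an ASA: it limits to-the-box IKE traffic on the outside interface to the remote peer and keeps everything else the box itself must accept. The peer and interface addresses are placeholders; the second permit line for UDP 4500 assumes NAT-T may be in use, which the thread does not mention.

```cisco
! Placeholders: replace <REMOTE_PEER_IP> and <ASA_OUTSIDE_IP> with your own addresses.
! Only the remote IPsec peer may reach IKE (UDP 500) on the ASA's outside address.
access-list CP-OUTSIDE extended permit udp host <REMOTE_PEER_IP> host <ASA_OUTSIDE_IP> eq 500
! Assumption: if the tunnel uses NAT traversal, UDP 4500 needs the same restriction.
access-list CP-OUTSIDE extended permit udp host <REMOTE_PEER_IP> host <ASA_OUTSIDE_IP> eq 4500
! Everyone else is denied on those ports (logged so scans show up in syslog).
access-list CP-OUTSIDE extended deny udp any host <ASA_OUTSIDE_IP> eq 500 log
access-list CP-OUTSIDE extended deny udp any host <ASA_OUTSIDE_IP> eq 4500 log
! A control-plane ACL ends with an implicit deny, so without this line all other
! to-the-box traffic on outside (e.g. management sessions) would be dropped as well.
access-list CP-OUTSIDE extended permit ip any any
! Apply it to traffic destined to the ASA itself, not through-traffic.
access-group CP-OUTSIDE in interface outside control-plane
```

Verify afterwards with `show run access-group` and `show access-list CP-OUTSIDE` to confirm hit counts climb on the permit line when the tunnel renegotiates and on the deny lines when you repeat the external port scan.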

Thanks for the info. That looks like something I could use. Will try it soon, cheers.