Solved: Re: VPN Concentrator Open ports

avilt · ‎02-17-2007

I am running port scan(Angry IP Scanner) against VPN concentrator. Sometimes it shows the port 21 as open. I have disabled ftp under "Management Protocols" Sometimes it shows port 389 & 1002 as open. Whats wrong with my VPN concentrator?

I have enabled only IPSEC under Tunneling Protocols.

When I run port scan what ports should be listed as open?

Thanks

sachinraja · ‎02-19-2007

Hello avilt,

VCA stands for Virtual Cluster Agent. This is basically used when the VPN 3000 pair is configured for load balancing... when doing this the boxes talk to each other on VCA and we normally need to allow this on the filters ..

My question is, have u enabled this filter on the public interface ?? are u seeing the ports going through the VPN concentrator or are u doing a VA scan and seeing these ports (like FTP) open on the VPN concentrator?

Raj

View solution in original post

kaachary · ‎02-19-2007

Hi,

can you check the Interface Filter and the corresponding rules applied to it.

You might have a rule defined to allow the mentioned ports.

HTH,

-Kanishka

avilt · ‎02-19-2007

I have the following filters for the Public interface.

IPSEC-ESP In(forward/in)

IKE(forward/in/out)

ICMP(forward/in/out)

VRRP(forward/in/out)

NAT-T(forward/in/out)

VCA(forward/in/out)

Whats this VCA filter used for?

sachinraja · ‎02-19-2007

Hello avilt,

VCA stands for Virtual Cluster Agent. This is basically used when the VPN 3000 pair is configured for load balancing... when doing this the boxes talk to each other on VCA and we normally need to allow this on the filters ..

My question is, have u enabled this filter on the public interface ?? are u seeing the ports going through the VPN concentrator or are u doing a VA scan and seeing these ports (like FTP) open on the VPN concentrator?

Raj

avilt · ‎02-19-2007

Thank You. Something is wrong on my scanning PC. It shows ports 389 and 1002 as open for every IP address even for hosts which are not alive.