VPN Concentrator Open ports

Answered Question
Feb 17th, 2007

I am running a port scan (Angry IP Scanner) against the VPN concentrator. Sometimes it shows port 21 as open. I have disabled FTP under "Management Protocols". Sometimes it shows ports 389 & 1002 as open. What's wrong with my VPN concentrator?

I have enabled only IPsec under Tunneling Protocols.

When I run a port scan, what ports should be listed as open?

Thanks

kaachary Mon, 02/19/2007 - 03:20

Hi,

Can you check the Interface Filter and the corresponding rules applied to it?

You might have a rule defined to allow the mentioned ports.

HTH,

-Kanishka

avilt Mon, 02/19/2007 - 15:54

I have the following filters for the Public interface.

IPSEC-ESP In(forward/in)

IKE(forward/in/out)

ICMP(forward/in/out)

VRRP(forward/in/out)

NAT-T(forward/in/out)

VCA(forward/in/out)

What's this VCA filter used for?

Correct Answer
sachinraja Mon, 02/19/2007 - 17:56

Hello avilt,

VCA stands for Virtual Cluster Agent. This is basically used when the VPN 3000 pair is configured for load balancing... when doing this the boxes talk to each other on VCA and we normally need to allow this on the filters.

My question is, have you enabled this filter on the public interface? Are you seeing the ports going through the VPN concentrator, or are you doing a VA scan and seeing these ports (like FTP) open on the VPN concentrator?

Raj

avilt Mon, 02/19/2007 - 20:06

Thank You. Something is wrong on my scanning PC. It shows ports 389 and 1002 as open for every IP address even for hosts which are not alive.
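The closing post describes a classic scanner artifact: ports reported open on every address, including hosts that are not alive, are being answered by something on or near the scanning PC (a local firewall, proxy or scanner bug), not by the concentrator. A cheap way to catch this is to include a control address that the scanner should not be able to reach at all and treat any port "open" on the control as untrustworthy everywhere. The following is an added example written for this page, not code from the thread or from Cisco; the addresses, hostnames and the sample scan results are constructed, and the scan is a plain TCP connect scan (so UDP-only services such as IKE on 500 and NAT-T on 4500 would never appear in it anyway).

```python
"""Sanity-check port-scan results against a control address.

Added example, not from the original thread. It does two things:
  1. a minimal TCP connect scan (tcp_connect_scan), and
  2. a cross-check that discards ports reported open on a control
     address that should be unreachable, which is the failure mode
     the thread ends on (389 and 1002 "open" on every IP, dead or not).
All addresses and results below are constructed for illustration.
"""
import socket
from typing import Dict, Iterable, Set

ScanResults = Dict[str, Set[int]]


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Set[int]:
    """Return the set of TCP ports on host that accepted a full connect()."""
    open_ports: Set[int] = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                # refused, timed out or unreachable: treat as not open
                continue
            open_ports.add(port)
    return open_ports


def ports_open_everywhere(results: ScanResults) -> Set[int]:
    """Ports that every scanned address reports as open.

    A port open on *all* targets, live or dead, is almost always an
    artifact of the scanning host rather than a service on the targets.
    """
    if not results:
        return set()
    common = None
    for ports in results.values():
        common = set(ports) if common is None else common & ports
    return common


def suspect_ports(results: ScanResults, control: str) -> Set[int]:
    """Ports the scanner claims are open on the control address.

    The control is an address nothing should answer on (unrouted, or a
    host known to be down), so anything 'open' there is noise.
    """
    return set(results.get(control, set()))


def clean_results(results: ScanResults, control: str) -> ScanResults:
    """Drop the control entry and remove its suspect ports from every target."""
    noise = suspect_ports(results, control)
    return {host: ports - noise for host, ports in results.items() if host != control}


def loopback_self_check() -> bool:
    """Confirm the scanner itself works: a listener on an ephemeral
    loopback port must be the only port reported open for that port list."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        seen = tcp_connect_scan("127.0.0.1", [port])
    return seen == {port}


# Constructed sample mirroring the thread: 389 and 1002 show up on every
# address, the concentrator additionally shows 21, and the control address
# (192.0.2.1 is a documentation-only prefix, so nothing should answer) also
# "has" 389 and 1002 open.
CONTROL = "192.0.2.1 (control, unroutable)"
SAMPLE_SCAN: ScanResults = {
    "10.0.0.1 (concentrator)": {21, 389, 1002},
    "10.0.0.200 (known dead host)": {389, 1002},
    CONTROL: {389, 1002},
}

if __name__ == "__main__":
    print("open on every address:", sorted(ports_open_everywhere(SAMPLE_SCAN)))
    print("suspect (open on control):", sorted(suspect_ports(SAMPLE_SCAN, CONTROL)))
    for host, ports in clean_results(SAMPLE_SCAN, CONTROL).items():
        print(f"{host}: {sorted(ports)}")
    print("loopback self-check passed:", loopback_self_check())
```

With the constructed data, 389 and 1002 are flagged as scanner noise and stripped from every target, leaving only port 21 on the concentrator to investigate on the device itself (interface filters and management protocols, as the other replies suggest). Run the same scan with a real control address before trusting any result from a scanner that suddenly reports the same ports on everything.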
