Is there a way to disable isakmp on interfaces that don't need it? Other then writing ACLs? For example my IOS routers are responding to udp 500 on the inside interfaces, and I really only need it on the outside. Not a really big deal, but the auditors want everything not needed disabled. Are there any issues with doing this?
That is not what I'm seeing. It looks like the router is responding on port 500 with isakmp on all interfaces. There are no crypto statements that name interface or on any interface. I also don't see an cyrpto statement that says default.
I'm sure I'm missing something, but what?
The audit request is standard best practice... Disable unused services on all interfaces where possible and appropriate.
This may have to stay on, but just checking. It's nice to be as clean as possible.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...