VPN Concentrator Vulnerability Pre-shared Key Off-line Bruteforcing Using IKE Aggressive Mode
I conducted a vulnerability test against Cisco VPN Concentrator 3060 and it hsows the following vulnerability.
I have enabled only the remote access VPN and no site to site VPN.
How can I remove this vulnerability?
Pre-shared Key Off-line Bruteforcing Using IKE Aggressive Mode
THREAT: IKE is used during Phase 1 and Phase 2 of establishing an IPSec connection. Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. Every participant in IKE must possess a key which may be either pre-shared (PSK) or a public key. There are inherent risks to configurations that use pre-shared keys which are exaggerated when Aggressive Mode is used.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...