This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS detects portscan with every roadwarrior connec

We have an Astaro ASG-120 with 6.100 the portscan detection running. Usualy this works fine, but it detects a portscan with each VPN-roadwarrior connect. It doesnt matter if it is a PPTP or a L2TP roadwarrior.

Anybody any idea?!??

Thanks,

Matthias

This thread was automatically locked due to age.

0 VelvetFog over 19 years ago

Strange. I use PPTP a lot, and so does a number of the folks at my office. Our ASG 6.102 systems do not detect VPN access as port scans. I suspect you have something misconfigured in your IPS setup. Examine your settings, and make sure that your Internal and PPTP-Pool networks are excluded from portscan detection. You only need to run portscan detection against your WAN interface.
Cancel
Vote Up 0 Vote Down

Cancel
0 MatthiasFleschuetz over 19 years ago in reply to VelvetFog

Hi,

thanks for your replay...

[ QUOTE ]
I use PPTP a lot

[/ QUOTE ]

I would highly recommend to change to L2TP over IPSec as M$ itself states in the KB that PPTP is not longer recommended due to security issues..., just BTW..[;)]

[ QUOTE ]
Examine your settings, and make sure that your Internal and PPTP-Pool networks are excluded from portscan detection. You only need to run portscan detection against your WAN interface.

[/ QUOTE ]

I dont want to exclude these networks, as I want to see if maybe a VPN dialup connection is highjacked and used for non regular traffic...
But thanks for the feedback that you dont have any problems, so I have to check it in the settings.

Matthias
Cancel
Vote Up 0 Vote Down

Cancel
0 InlineFive over 19 years ago in reply to MatthiasFleschuetz

Yes, but the dialup connection is still being received on the WAN interface. You don't need IDS on the LAN interface to do what you think you want.
Cancel
Vote Up 0 Vote Down

Cancel