STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The IPsec VPN Gateway must use Internet Key Exchange (IKE) for IPsec VPN Security Associations (SAs).

DISA Rule

SV-207252r608988_rule

Vulnerability Number

V-207252

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-VPN-002220

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the IPsec VPN Gateway to use IKE and IPsec VPN SAs.

Check Contents

Verify the IKE protocol is specified for all IPsec VPNs.

If the IKE protocol is not specified as an option on all VPN gateways, this is a finding.

Vulnerability Number

V-207252

Documentable

False

Rule Version

SRG-NET-000512-VPN-002220

Severity Override Guidance

Verify the IKE protocol is specified for all IPsec VPNs.

If the IKE protocol is not specified as an option on all VPN gateways, this is a finding.

Check Content Reference

M

Target Key

2920

Comments