The Remote Access VPN Gateway must be configured to prohibit Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-266998 | ARBA-VN-000470 | SV-266998r1040760_rule | Medium |
| Description |
| PPTP and L2F are obsolete methods for implementing virtual private networks. Both protocols may be easy to use and readily available, but they have many well-known security issues and exploits. Encryption and authentication are both weak. |
| STIG | Date |
| HPE Aruba Networking AOS VPN Security Technical Implementation Guide | 2024-10-29 |
Details
| Check Text (C-70922r1040758_chk) |
| Verify the AOS configuration with the following commands: show ip access-list vpnlogon show firewall-cp If PPTP or TCP 1723 are permitted, this is a finding. |
| Fix Text (F-70825r1040759_fix) |
| Configure AOS with the following commands: configure terminal cd /mm ip access-list session vpnlogon any any svc-pptp deny exit write memory cd /mynode firewall cp ipv4 deny any proto 6 ports 1723 1723 ipv6 deny any proto 6 ports 1723 1723 exit write memory |