The Remote Access VPN Gateway must be configured to prohibit Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F).
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-266998 | ARBA-VN-000470 | SV-266998r1040760_rule | Medium |
Description |
PPTP and L2F are obsolete methods for implementing virtual private networks. Both protocols may be easy to use and readily available, but they have many well-known security issues and exploits. Encryption and authentication are both weak. |
STIG | Date |
HPE Aruba Networking AOS VPN Security Technical Implementation Guide | 2024-10-29 |
Details
Check Text (C-70922r1040758_chk) |
Verify the AOS configuration with the following commands: show ip access-list vpnlogon show firewall-cp If PPTP or TCP 1723 are permitted, this is a finding. |
Fix Text (F-70825r1040759_fix) |
Configure AOS with the following commands: configure terminal cd /mm ip access-list session vpnlogon any any svc-pptp deny exit write memory cd /mynode firewall cp ipv4 deny any proto 6 ports 1723 1723 ipv6 deny any proto 6 ports 1723 1723 exit write memory |