PCI compliance scanning with Juniper Network's Application Acceleration Platform (VPN)
Posted on 2016-10-05
We have to do compliance scanning now going forward every quarter and we do have 3 users that have the Juniper VPN installed on their local computer. This is causing us to fail along with the following other problems. Any advice to clear these failures would be appreciated:
1. We have an ASA 5505 and we are getting the following problem, that I think is being caused by the lack of an SSL certificate on the ASA? Not sure, but the failure description is: An SSL cert associates an entity (person, org, host, etc.) with a public key. In an SSL connection the client authenticates the server's cert and extracts the public key in the cert to establish the secure connection.
So the question is where do they want a cert? I can't put it on the ASA and it doesn't make sense to put it on the 3 users' computers that use the Juniper VPN. Is this happening because the Juniper VPN is not the latest version?
2. Another failure is labelled Pre-shared key off-line bruteforcing using IKE aggressive Mode (CVE-2002-1623)
3. Last problem is again related to the Juniper VPN and port 500/udp. IKE is used during Phase 1 and Phase 2 of establishing the connection. In Phase 1 the two ISAKMP peers establish a secure authenticated channel with which to communicate. Every participant in the IKE must possess a key that may be either pre-shared or public key. There are inherent risks to configurations that use pre-shared keys which are exaggerated when aggressive mode is used.
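The third finding is a Phase 1 exchange type that the scanner can see on udp/500. As an added example (not from the post or from Juniper), the parser below reads the fixed ISAKMP header from captured UDP/500 payloads and flags IKEv1 Aggressive Mode initiations, which is how a defender can confirm from their own packet capture whether the gateway still negotiates in aggressive mode after a configuration change. The sample packets are constructed inline; the cookie values are made up.

```python
import struct

# ISAKMP exchange types from RFC 2408, section 3.1
EXCHANGE_TYPES = {
    1: "Base",
    2: "Identity Protection (Main Mode)",
    3: "Authentication Only",
    4: "Aggressive",
    5: "Informational",
}
ISAKMP_HEADER_LEN = 28  # fixed header: 2 cookies, 4 single-byte fields, msg id, length

def parse_isakmp_header(payload: bytes) -> dict:
    """Parse the fixed 28-byte ISAKMP header from a UDP/500 payload."""
    if len(payload) < ISAKMP_HEADER_LEN:
        raise ValueError("payload shorter than ISAKMP header")
    (icookie, rcookie, next_payload, version, exch_type,
     flags, msg_id, length) = struct.unpack("!8s8sBBBBII", payload[:ISAKMP_HEADER_LEN])
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "major_version": version >> 4,   # high nibble: 1 for IKEv1, 2 for IKEv2
        "minor_version": version & 0x0F,
        "exchange_type": exch_type,
        "exchange_name": EXCHANGE_TYPES.get(exch_type, f"unknown({exch_type})"),
        "flags": flags,
        "message_id": msg_id,
        "length": length,
    }

def is_aggressive_mode_initiation(payload: bytes) -> bool:
    """True for an IKEv1 Aggressive Mode message whose responder cookie is still zero,
    i.e. the first message of a new Phase 1 negotiation."""
    hdr = parse_isakmp_header(payload)
    return (hdr["major_version"] == 1 and hdr["exchange_type"] == 4
            and hdr["responder_cookie"] == "0" * 16)

def flag_aggressive_mode(packets) -> list:
    """Return the indices of packets that start an Aggressive Mode exchange."""
    return [i for i, p in enumerate(packets) if is_aggressive_mode_initiation(p)]

def build_header(exch_type: int, responder_cookie: bytes = bytes(8)) -> bytes:
    """Constructed IKEv1 header for test traffic (next payload 1 = SA, version 1.0)."""
    initiator_cookie = bytes.fromhex("0123456789abcdef")  # made-up value
    return struct.pack("!8s8sBBBBII", initiator_cookie, responder_cookie,
                       1, 0x10, exch_type, 0, 0, ISAKMP_HEADER_LEN)

# Constructed sample capture: main mode, an aggressive mode initiation, an aggressive mode reply
SAMPLE_PACKETS = [
    build_header(2),
    build_header(4),
    build_header(4, bytes.fromhex("fedcba9876543210")),
]
```

Only the second sample packet is reported, since the reply already carries a responder cookie and belongs to the same negotiation.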