Can I scan networks that require a VPN tunnel be established prior to scanning?

Document created by kb-author-1 Employee on May 19, 2010. Last modified by eschamp on Jul 16, 2010.
Version 3

Issue:

Can I scan networks that require a VPN tunnel be established prior to scanning?

 

 

Solution:

VPN networks perform preliminary authentication to allow host connections. Since this authentication cannot be bypassed, QualysGuard cannot establish a VPN connection and scan the VPN.

 

However, QualysGuard can scan through an already established VPN tunnel, for example when the VPN is site-to-site and created by a third-party device such as a VPN concentrator or firewall.

 

This is not a recommended configuration, because of limitations in the available MTU size, encapsulation problems and security measures integrated into the VPN.
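
A pre-scan check for the MTU limitation mentioned above, as an added example that is not part of the original Qualys article: run from a host on the same network segment as the scanner, it finds the largest packet that crosses the tunnel unfragmented. It assumes IPv4 and Linux iputils `ping`; the function names are hypothetical and the target address is supplied by the operator.

```shell
#!/bin/sh
# Added example: measure the usable path MTU across an established
# site-to-site tunnel before scanning through it.
# Assumption: Linux iputils ping, where "-M do" sets Don't Fragment.

# probe SIZE HOST: succeed if one DF-set echo carrying SIZE payload
# bytes is answered within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]: binary search for the largest
# payload that passes. Prints the size; returns 1 if even LOW fails
# (host down, ICMP filtered, or a path MTU below LOW + 28).
# A single lost packet reads as "too big", so rerun on lossy links.
find_max_payload() {
    local host="$1" low="${2:-500}" high="${3:-1472}" mid
    probe "$low" "$host" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$mid" "$host"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
}

# path_mtu HOST: payload + 20-byte IPv4 header + 8-byte ICMP header.
path_mtu() {
    local payload
    payload=$(find_max_payload "$1") || return 1
    echo $(( payload + 28 ))
}

# Usage: sh path_mtu.sh <host-behind-tunnel>
if [ $# -ge 1 ]; then
    mtu=$(path_mtu "$1") || { echo "no DF-set reply from $1" >&2; exit 1; }
    echo "path MTU to $1: $mtu bytes"
    if [ "$mtu" -lt 1500 ]; then
        echo "tunnel overhead: $(( 1500 - mtu )) bytes below Ethernet MTU"
    fi
fi
```

A result well below 1500 means scan traffic near full frame size will be fragmented or dropped inside the tunnel, which is one way the MTU limitation can show up in scan results.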

 

However, QualysGuard can scan the device which handles VPN connections, and this is a good practice since several vulnerabilities have been discovered on VPN devices. These vulnerabilities could affect the security and privacy of your VPN-secured networks.

 

You can use Tools > KnowledgeBase to find information about vulnerabilities that may be discovered on a device that handles VPN connections. See QIDs 38108-38112, 38115, 45014, 90022. Several search options allow you to search the KnowledgeBase for more vulnerabilities that may threaten the security of your VPN network.

 

 

 

Qualys Support KnowledgeBase

http://community.qualys.com/community/kb

 

 

 

ID:  010.001.613.000
