When we connect to the LCP over a non-standard port such as 2222 with PuTTY and WinSCP, we might end up with this error message. However, we can connect to the LCP with SecureCRT.
Note: We will be able to connect over the standard port 22 with PuTTY, WinSCP and SecureCRT.
The IPS signature for the CVE-2001-0361 vulnerability on the customer's firewall blocks connections to our LCP over non-standard ports such as 2222 from the PuTTY and WinSCP applications. We may connect with the SecureCRT tool.
Vulnerability: Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
To overcome this issue, the customer needs to add an IPS exception policy. The steps are below.
Adding an IPS Exception
To add a new exception:
1. In the IPS tab, select Network Exceptions.
2. Click New, the Add/Edit Exception Rule window opens.
3. From Profile, select a profile or Any.
4. From Protection, select the excluded protection(s).
5. Define the Source and Destination, and Service for the excluded protection.
6. Define on which Security Gateways this exception is installed. Select one of these options:
7. Click OK and then install the policy.
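A check worth running before the exception is installed, as an added example (not part of the original article or of any vendor tooling): CVE-2001-0361 concerns SSH version 1.5, so this script reads the identification string of the SSH server behind the non-standard port and reports whether it still offers SSH-1. The host and port are supplied on the command line, and the function names are chosen for this example.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments]"
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def classify_ssh_banner(line):
    """Return (protoversion, softwareversion, verdict) for one identification line."""
    m = _IDENT.match(line.rstrip("\r\n"))
    if m is None:
        return (None, None, "not-ssh")
    proto, software = m.group(1), m.group(2)
    if proto == "2.0":
        verdict = "ssh2-only"
    elif proto == "1.99":
        # 1.99 means the server speaks SSH-2 but also accepts SSH-1 clients.
        verdict = "ssh1-fallback-enabled"
    elif proto.startswith("1."):
        verdict = "ssh1-only"  # includes protocol 1.5, named in CVE-2001-0361
    else:
        verdict = "unknown-protocol"
    return (proto, software, verdict)


def read_ssh_banner(host, port, timeout=5.0):
    """Connect and return the server's identification line (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        # A server may send other text lines before the one starting with "SSH-".
        for _ in range(20):
            raw = reader.readline(1024)
            if not raw:
                break
            if raw.startswith(b"SSH-"):
                return raw.decode("ascii", "replace")
    raise ValueError("no SSH identification line received")


def exception_is_reasonable(banner):
    """True only when the server advertises SSH-2 with no SSH-1 fallback."""
    return classify_ssh_banner(banner)[2] == "ssh2-only"


if __name__ == "__main__":
    import sys
    banner = read_ssh_banner(sys.argv[1], int(sys.argv[2]))
    print(banner.strip(), "->", classify_ssh_banner(banner)[2])
```

If the verdict is anything other than `ssh2-only`, disable SSH-1 on the server before excluding the protection, and keep the exception's Source, Destination and Service as narrow as possible.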