Why does Openvas send IPSEC connection requests?
@achuttnair well. no, but portscan on ike ports can look like it…
Hello and welcome to this community portal.
In general it is in the nature of a vulnerability scanner to probe the remote host and it’s services in different ways.
This includes the previously mentioned port scanner but also additional “probing” for services to do the service detection of these. Most likely the IPSEC connection request is originating from either this probing for services supporting IPSEC/IKE or from actual vulnerability checks on such kind of services.
If unsure what things a vulnerability scanner is actually doing the following high level description is available: