We had an indipendent analyst perform a Vulnerability Assesment against
our BM 3.9 SP2, NW 6.5 SP2, eDir server. The found the following

************************************************** ***************
isakmp (500/udp) High

Risk factor : High

The remote system appears to have a problem with processing invalid
requests with invalid cookie values. At least one VPN product (racoon)
demonstrates this flaw. Racoon is integrated with:

FreeBSD 4.0 and beyond
OpenBSD 2.7 and beyond
NetBSD 1.5 and beyond
BSD/OS 4.2 and beyond

However, the bug has only been verified on FreeBSD systems.

An attacker may use this flaw to disable your VPN remotely.

Solution : If you are running racoon VPN, download and install the latest
SNAP kit from http://www.kame.net

isakmp (500/udp) Low

Risk factor : Low

The remote host seems to be enabled to do Internet Key Exchange (IKE).
This is typically indicative of a VPN server. VPN servers are used to
connect remote hosts into internal resources.

Solution: You should ensure that:
1) The VPN is authorized for your Companies computing environment
2) The VPN utilizes strong encryption
3) The VPN utilizes strong authentication

isakmp (500/tcp) Low

PGPNet uses OpenPGP build version: } S o, R V
************************************************** **********************

What, if anything, can I do to plug these holes in the firewall?