Tuesday, December 4, 2007

Top 10 reasons why IPsec VPNs fail

Here's a top ten list of possible weak points to check as you assess your IPsec VPN (taken from the NW site):

1. Use of weak pre-shared keys.

2. Inappropriate use of IKE/ISAKMP aggressive mode (with weak pre-shared keys).

3. Inappropriate method of authentication (pre-shared keys when digital signature [certificate] based authentication might be more appropriate).

4. Inappropriate use of wildcard or group pre-shared keys (where use of alternatives might be more appropriate/possible).

5. Use of identical pre-shared key with multiple peers (similar to #4).

6. Inappropriate use of Extended Authentication (XAuth, which may be vulnerable when used with weak pre-shared keys and aggressive mode IKE/ISAKMP).

7. Vulnerability of NTP and/or CRLs/OCSP used by PKI to DoS attack (relevant when using digital signature authentication).

8. Relatively weakly secured CA private key storage.

9. Storage of IPsec VPN gateway configuration files containing plaintext pre-shared keys.

10. Use of encryption without authentication.
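As an added example (not part of the original list or its source), the sketch below audits pre-shared-key entries for items 1, 4 and 5. It assumes the gateway stores keys in the strongSwan/Openswan `ipsec.secrets` style with quoted PSKs and IPv4 or name selectors; the sample entries, the length threshold and the finding names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ipsec.secrets style (documentation addresses, made-up keys).
SAMPLE_SECRETS = '''\
# site-to-site peers
192.0.2.1 198.51.100.7 : PSK "cisco123"
192.0.2.1 203.0.113.9 : PSK "t9#Lq2vX8mZr4!Kd0pWy6Bn3"
192.0.2.1 203.0.113.40 : PSK "t9#Lq2vX8mZr4!Kd0pWy6Bn3"
%any : PSK "Remote-Access-Group-Key-2007-xyz"
'''

# Selectors, then ':', then a quoted PSK. IPv6 selectors are out of scope here.
PSK_LINE = re.compile(r'^(?P<sel>[^:#]*):\s*PSK\s+"(?P<psk>[^"]*)"\s*$')
MIN_LEN = 20  # assumed policy threshold, adjust to local policy


def is_weak(psk):
    """Heuristic only: short keys or keys drawn from fewer than 3 character classes."""
    classes = [r'[a-z]', r'[A-Z]', r'[0-9]', r'[^a-zA-Z0-9]']
    used = sum(bool(re.search(c, psk)) for c in classes)
    return len(psk) < MIN_LEN or used < 3


def audit_secrets(text):
    """Return sorted (line_no, finding) tuples for checklist items 1, 4 and 5."""
    findings, seen = [], defaultdict(list)
    for no, line in enumerate(text.splitlines(), 1):
        m = PSK_LINE.match(line.strip())
        if not m:
            continue  # comments, blanks, non-PSK secrets, 0x/0s-encoded PSKs
        selectors = m.group('sel').split()
        psk = m.group('psk')
        if is_weak(psk):
            findings.append((no, 'weak-psk'))        # item 1
        if not selectors or '%any' in selectors:
            findings.append((no, 'wildcard-psk'))    # item 4
        seen[psk].append(no)
    for lines in seen.values():
        if len(lines) > 1:                           # item 5: same key, several peers
            findings.extend((no, 'shared-psk') for no in lines)
    return sorted(findings)


if __name__ == '__main__':
    # Report line numbers only, so the audit output never echoes a key.
    for no, finding in audit_secrets(SAMPLE_SECRETS):
        print(f'line {no}: {finding}')
```

Any entry this reports is also an instance of item 9, since the key is readable in the file.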


Monday, December 3, 2007

Where is Hassan nowadays?

After working for more than 7 years at HCL Cisco, Chennai, it was a tough decision for me to change my job and move on to an exciting new company, Arcot Systems, Inc. (www.arcot.com), Bangalore.