Saudi Arabian Oil Company wanna connect with my lsass.exe via port 500

I get few minutes ago a request, that someone from IP no. 166.87.251.21 want to connect with my lsass.exe process via port 500 UDP. What the heck?
I blocked this request but got frustrated about that fact. Now saudi arabians started to scan random ip’s?

UDP 500 is used for IKE key exchange a protocol for VPN usage.
It might be a ‘IKE scanner’ that is looking for something, it might also be one of their servers is compromised and abused.

I’d make a complete block rule for this IP on the Firewall’s blocked zone, just to be on the safe side.