Multiple attempts to authenticate to ASA VPN

Unanswered Question
Aug 9th, 2007

I see multiple attempts to conncet to my VPN server. We have the server setup with group user name and passwords. It then authenticates the user to ACS. I see multiple login names from one ip. Root, wireless, admin, and many many others. How can i add a dynamic rule to block this after so many attempts?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Thu, 08/09/2007 - 07:10

Hi ,

So we are getting many hits in acs from the same user ? Please increase radius server timeout in the VPN server.



sboivin Thu, 08/09/2007 - 07:26

Same IP, diffrent users. They seem to be using some sort of name generator.

acomiskey Thu, 08/09/2007 - 07:43

They shouldn't be getting that far. Doesn't that mean they have your group username and password or have acquired a .pcf file?

sboivin Thu, 08/09/2007 - 07:54

Yeah exaclty, well we just had some users leave. I was going to change the group name and password. But i also want to be able to deny ips after so many attemps.

Jagdeep Gambhir Fri, 08/10/2007 - 04:49


ASA--->VPN--->General--->VPN System option--->enable : Limit the MAX number to active VPN IPSEC




This Discussion