Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
5
Replies

Multiple attempts to authenticate to ASA VPN

sboivin
Level 1
Level 1

‎08-09-2007 05:57 AM - edited ‎02-21-2020 10:18 AM

I see multiple attempts to conncet to my VPN server. We have the server setup with group user name and passwords. It then authenticates the user to ACS. I see multiple login names from one ip. Root, wireless, admin, and many many others. How can i add a dynamic rule to block this after so many attempts?

Labels:
0 Helpful
5 Replies 5

Jagdeep Gambhir
Level 10
Level 10

‎08-09-2007 07:10 AM

Hi ,

So we are getting many hits in acs from the same user ? Please increase radius server timeout in the VPN server.

Regards,

~JG

0 Helpful

sboivin
Level 1
Level 1
In response to Jagdeep Gambhir

‎08-09-2007 07:26 AM

Same IP, diffrent users. They seem to be using some sort of name generator.

0 Helpful

acomiskey
Level 10
Level 10
In response to sboivin

‎08-09-2007 07:43 AM

They shouldn't be getting that far. Doesn't that mean they have your group username and password or have acquired a .pcf file?

0 Helpful

sboivin
Level 1
Level 1
In response to acomiskey

‎08-09-2007 07:54 AM

Yeah exaclty, well we just had some users leave. I was going to change the group name and password. But i also want to be able to deny ips after so many attemps.

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to sboivin

‎08-10-2007 04:49 AM

On

ASA--->VPN--->General--->VPN System option--->enable : Limit the MAX number to active VPN IPSEC

Regards,

~JG

0 Helpful
Customers Also Viewed These Support Documents