after you enable webvpn on the outside interface of ASA, so now anyone can login to the page and try to login , doesn't this have the potential of a brute force attack, can't we restrict who can even see the webvpn page ?
That is a good quesiton about brute and I do not know the answer, if anyone does would love to learn it.
One of the things I have done is implement in ver 8 the virtual software keyboard. This appears when users try to enter their password. I would think this would hinder many brute attacks and it makes access more secure as there is no local caching inadvertently, its all mouse clicks.
You can certainly deny subnets to the outside interface of the ASA, I do suspect that would quickly become an admin nightmare.
I don't think you can deny access to the webvpn access using standard interface ACL's. But I don't know of any other way to restrict it either, unless there is a device in front of the ASA that can do some blocking.
You should use AAA authentication with a lockout after a certain number of failed attempts. For instance use a LDAP server to lookup user accounts against active directory. The accounts can be set to lockout after a number of invalid attempts. This won?t prevent access to the portal but will help to prevent un-authorized authentication. 8x code has very good support this.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :