https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5552001#M1125166 <P>Thanks Aref.</P><P>Initial authentication happen in NPS. I will generate it and feedback here.</P> Mon, 11 May 2026 09:10:10 GMT imanv 2026-05-11T09:10:10Z https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551083#M1125151 <P>I have a remote access VPN with the following scenario.</P><P>I have FTD virtual managed by FMC (version 7.7), Cisco ISE radius AAA (version 3.4), external radius server (Microsoft NPS) for multi-factor authentication (MFA). User send the credential to FMC--&gt;ISE--&gt;external radius and after external radius check it with active directory. The external radius server authenticate the remote clients to send the SMS as second factor. After that I configure ISE to continue the Authorization using ISE Authorization profiles.</P><P>I found that some remote clients sends many <U>correct credentials</U> to VPN gateway in short period of time ( less than a minute) and by this method hundreds of SMS sends. I am looking for a way to manage accepting the correct user/passwords for certain period of time to prevent the overwhelming the SMS servers.</P><P>Just note that it is not simultaneous connection attempts.</P><P>Thank you.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 06 May 2026 21:48:34 GMT https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551083#M1125151 imanv 2026-05-06T21:48:34Z https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551199#M1125153 <P>Why you have to use MS NPS if you have ISE? can't ISE handle the whole authentication and authorization process?</P> Thu, 07 May 2026 10:00:10 GMT https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551199#M1125153 Aref Alsouqi 2026-05-07T10:00:10Z https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551354#M1125161 <P>Thanks for your reply.</P><P>I need it to handle the second factor authentication. The NPS check the credentials with DC and send the result to another application to send the SMS. If the remote client send the OTP code recived by SMS and approved by the application, MS NPS send the result to ISE. Then I configure ISE to continue authorization to ISE authz policies.</P> Thu, 07 May 2026 16:43:32 GMT https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551354#M1125161 imanv 2026-05-07T16:43:32Z https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551550#M1125163 <P>Could that be something ISE can handle? not really sure if that would fix the reported issue though. How those many authentication requests look like on ISE? I'm just thinking if this issue could be related to some sort of latency on the network used by those remote clients maybe?</P> Fri, 08 May 2026 10:18:25 GMT https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5551550#M1125163 Aref Alsouqi 2026-05-08T10:18:25Z https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5552001#M1125166 <P>Thanks Aref.</P><P>Initial authentication happen in NPS. I will generate it and feedback here.</P> Mon, 11 May 2026 09:10:10 GMT https://community.cisco.com/t5/network-security/ravpn-request-control/m-p/5552001#M1125166 imanv 2026-05-11T09:10:10Z