This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
how can i archieve Brute Force Protection with ISE, while using RA-VPN? Cisco ASA is configured to use ISE as an AAA Server for AnyConnect login.
The customer has AnyConnect up and running and now wants to have Brute Force Protection, because you can literally try a million times without someone blocking your attempts to gain access.
At Administration -> System -> Settings -> Protocols -> Radius -> "Reject RADIUS requests from clients with repeated failures" does not work as I expected it to work.
I've set the requirements to minimum (Detect two failures within: 1 Minute, failures prior to automatic rejection: 2, continue rejecting requests for 5 Minutes) and used 20 times the wrong password for the same user and nothing happened. After 20 tries I just entered the correct password and it gave me access.
ISE Version 2.3
Any Ideas on what I may did wrong?
Thank you very much for your time!
Solved! Go to Solution.
Thank you very much. We will try to block BruteForce attacks with FirePower then.
So the rejection feature is only available to stop misconfigured clients right?