How can I achieve Brute Force Protection with ISE while using RA-VPN? Cisco ASA is configured to use ISE as an AAA server for AnyConnect login.
The customer has AnyConnect up and running and now wants to have Brute Force Protection, because you can literally try a million times without someone blocking your attempts to gain access.
At Administration -> System -> Settings -> Protocols -> Radius -> "Reject RADIUS requests from clients with repeated failures" does not work as I expected it to work.
I've set the requirements to the minimum (Detect two failures within: 1 Minute, failures prior to automatic rejection: 2, continue rejecting requests for 5 Minutes) and entered the wrong password 20 times for the same user, and nothing happened. After 20 tries I just entered the correct password and it gave me access.