ASA IPsec remote access VPN - limit number of auth retries

NazgulNr5
Level 1

Is there a way to limit the number of retries a VPN user has to authenticate? I found the aaa local authentication attempts max-fail command, but our RA VPN uses certificates for authentication, so I am not sure if the max-fail command would work.

1 Reply

For the ASA VPN configuration, if a custom configuration is not defined, then it always goes and matches the default configuration.

show run all tunnel-group

!

tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary

I think you are doing local authentication. If you have ISE servers, you can define your attributes and push them from there.

Please do not forget to rate.
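Added example, not part of the original thread and not Cisco tooling: a small Python parser for saved `show run all tunnel-group` output that lists which remote-access tunnel groups authenticate against LOCAL, as the reply observes for DefaultRAGroup. The CORP-RA group and the ISE-SERVERS server group in the sample are hypothetical names.

```python
import re

# Constructed sample: the DefaultRAGroup lines come from the reply above;
# "CORP-RA" and "ISE-SERVERS" are hypothetical names added for contrast.
SAMPLE = """\
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group LOCAL
 default-group-policy DfltGrpPolicy
 no password-management
 username-from-certificate CN OU
!
tunnel-group CORP-RA type remote-access
tunnel-group CORP-RA general-attributes
 authentication-server-group ISE-SERVERS
 default-group-policy DfltGrpPolicy
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+(?:type\s+(\S+)|(\S+-attributes))\s*$")

def parse_tunnel_groups(text):
    """Return {group: {"type": str or None, "general": {keyword: value}}}."""
    groups, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate output whose indentation was lost
        if not line or line == "!":
            continue
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(m.group(1), {"type": None, "general": {}})
            if m.group(2):
                current["type"], section = m.group(2), None
            else:
                section = m.group(3)
            continue
        if current is not None and section == "general-attributes":
            negated = line.startswith("no ")
            words = line[3:].split() if negated else line.split()
            current["general"][words[0]] = None if negated else " ".join(words[1:])
    return groups

def groups_using_local(groups):
    """Names of remote-access groups whose authentication-server-group is exactly LOCAL."""
    return sorted(n for n, g in groups.items()
                  if g["type"] == "remote-access"
                  and g["general"].get("authentication-server-group") == "LOCAL")

if __name__ == "__main__":
    print("LOCAL-authenticated groups:", groups_using_local(parse_tunnel_groups(SAMPLE)))
```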