
Cisco ASA block an IP after unsuccessful login attempts

MohammadKayed
Level 1

Hello,

I would like to ask if we have an option from the ASA to block an IP address automatically after unsuccessful login attempts through SSH or ASDM.

Do we have such an option, or can we only block the user?

I am using a RADIUS server as the authentication method.

Thank you.

Accepted Solutions

chesterr
Level 1

Hello,

You can check these commands on the ASA:

1. enable

2. configure terminal

3. login block-for seconds attempts tries within seconds

4. login quiet-mode access-class {acl-name | acl-number}

5. login delay seconds

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-16/sec-usr-cfg-xe-16-book/sec-login-enhance.html

Or you can do it from the RADIUS server.
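
The "tries within seconds, then block for seconds" threshold from the syntax quoted above, applied per source IP to failed-login syslog off the box. This is an added example, not part of the original post and not Cisco code. It assumes ASA syslog with timestamps and message 605004 (login denied); the function name, default thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: ASA syslog with timestamps, message 605004 (login denied).
DENIED = re.compile(
    r'^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-605004: '
    r'Login denied from (?P<src>[^/\s]+)/\d+ to \S+ for user')

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = '''\
Jan 15 2024 10:00:01: %ASA-6-605004: Login denied from 203.0.113.7/51001 to outside:192.0.2.1/ssh for user "admin"
Jan 15 2024 10:00:05: %ASA-6-605004: Login denied from 198.51.100.23/40211 to outside:192.0.2.1/ssh for user "netops"
Jan 15 2024 10:00:20: %ASA-6-605004: Login denied from 203.0.113.7/51002 to outside:192.0.2.1/ssh for user "root"
Jan 15 2024 10:00:45: %ASA-6-605004: Login denied from 203.0.113.7/51003 to outside:192.0.2.1/https for user "admin"
Jan 15 2024 10:01:10: %ASA-6-605004: Login denied from 203.0.113.7/51004 to outside:192.0.2.1/ssh for user "cisco"
Jan 15 2024 10:02:30: %ASA-6-605004: Login denied from 198.51.100.23/40260 to outside:192.0.2.1/ssh for user "netops"
Jan 15 2024 10:03:00: %ASA-6-605005: Login permitted from 198.51.100.23/40270 to outside:192.0.2.1/ssh for user "netops"
Jan 15 2024 10:05:00: %ASA-6-605004: Login denied from 198.51.100.23/40301 to outside:192.0.2.1/ssh for user "netops"
'''

def sources_to_block(lines, tries=3, within=60, block_for=300):
    """Map source IP -> (block_start, block_end) once it reaches `tries`
    denied logins inside `within` seconds; blocks last `block_for` seconds."""
    recent = defaultdict(deque)  # src -> timestamps of recent denials
    blocked = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue  # permitted logins and unrelated messages
        ts = datetime.strptime(m['ts'], '%b %d %Y %H:%M:%S')
        src = m['src']
        if src in blocked and ts < blocked[src][1]:
            continue  # still inside its block period
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > within:
            q.popleft()  # forget attempts older than the window
        if len(q) >= tries:
            blocked[src] = (ts, ts + timedelta(seconds=block_for))
            q.clear()
    return blocked

if __name__ == '__main__':
    for src, (start, end) in sources_to_block(SAMPLE_LOG.splitlines()).items():
        print(f'{src}: block {start:%H:%M:%S} -> {end:%H:%M:%S}')
```

With the default thresholds only the source that fails three times inside one minute is flagged; the source whose failures are minutes apart is not.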


5 Replies

Seb Rupik
VIP Alumni

Hi there,

If you are using FreeRADIUS, take a look at the lockout feature:

https://wiki.freeradius.org/guide/lockout

...there may be equivalent features in other implementations.

Cheers,

Seb.

These are not ASA commands, they are IOS commands

These are not ASA config commands, they are IOS config commands

I apologize for the ignorant question, but does this only block logins from internal sources (i.e. within the network) or is this also for any external login attempts, as well? Also, would this block attempts via VPN if the VPN is configured through the RADIUS server?
