Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1106
Views
0
Helpful
4
Replies

User Authentication restrictions for MRA

Go to solution
aalejo
Level 5
Level 5

‎12-09-2015 08:19 AM - edited ‎03-18-2019 05:18 AM

Does someone knows if is posible to restrict the users that can authenticate using MRA?

Thanks

Alex

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎12-09-2015 08:53 AM

AFAIK there is no way to do that, if a user is enabled for IM only, Phone only, or full UC, and you have MRA, he can try to login, and should be able to. CUCM will accept any proxied registrations, assuming right credentials are provided.

HTH

java

if this helps, please rate

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎12-09-2015 08:53 AM

AFAIK there is no way to do that, if a user is enabled for IM only, Phone only, or full UC, and you have MRA, he can try to login, and should be able to. CUCM will accept any proxied registrations, assuming right credentials are provided.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
aalejo
Level 5
Level 5
In response to Jaime Valencia

‎12-09-2015 09:08 AM

Thats what i suspected but it is not good since expressway solution currently does not protect against authentication DDOS atacks. (embedded freeware GNU fail2ban only protects againts same IP authentication failure).

 

Alex

0 Helpful

Go to solution
havogel
Cisco Employee
Cisco Employee
In response to aalejo

‎12-09-2015 07:43 PM

There is an authentication rate limiting mechanism built into VCS 8.5.2 and above.

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-7/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-7.pdf

Page 40 goes over the feature.

0 Helpful

Go to solution
aalejo
Level 5
Level 5
In response to havogel

‎12-09-2015 08:55 PM

Does not rate authentication failure. I opened a TAC case an a bug id was created as a result

https://tools.cisco.com/bugsearch/bug/CSCux29269

It rates applications that tries to authenticate many times but not authentication failure.

Too bad that feature does NOT protect against authentication DDOS attack.

 

 

0 Helpful
Customers Also Viewed These Support Documents