Hello, On an ASA5520 v7.2 I can only seem to authenticate to the console when using telnet and not ssh. I can connect using both methods, but just have trouble authenticating with ssh. Here are relevant lines related to the issue: username user1 passwo...
Hello, Is there any aaa command(s) to lock-out source IPs after a given number of attempts? I'd like to make it so specific users do not get locked out universally. (2811 v12.3 (8) T5) Or would I need an IPS for this? Thanks for any info, Sean
Hi Rolando,
On an ASA, you can combine protocols and source/destination-based services in a service-based object-group. Your example would look like this:
object-group service PORT_LIST1
service-object tcp destination range 21 22
service-object t...
Thanks for the info Marcin. Edit: I found there was actually an alerting feature added, vpn-session-timeout alert-interval: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/intro_intro.html#wp1326128
With your existing global statements, my suggestion should fulfill the requirement. Here's some further info: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_overview.html#wp1088419