We are not using clientless VPN access so we have enabled "Shutdown portal login page". If we go to our web page it says that it is not used and no login is available, but we can see in logs that someone trying to login.
We are getting this log message:
%ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : |
|
|
|
So, it looks that someone is using some POST method that has included username and password.
Our security team is asking me, why we have this opened.
How can they create this kind of POST?
Any help would be appreciated.
BR, K.
