03-04-2024 10:59 AM
We have a web URL set up so that our users can go to the site and download the AnyConnect client.
In the last week, we are getting tons of failed login attempts that I believe are coming from people trying to log in. There are some common IPs and I have set up an ACL that denies IP to any but they are still coming through. I also tried configuring the NSG in Azure to deny any traffic from those IPs but that doesn't work. Our ASA is an ASAv in Azure.
Is there any way to block specific IPs from being allowed to even load that site? I even tried to put it behind our Cloudflare WAF and set up a rule to deny the IPs and that didn't work either.
03-04-2024 11:05 AM
@jf1134 you could use a control-plane ACL or an ACL on the router in front of the ASA to block the traffic or use the "shun" command, although I don't believe that survives a reboot.
03-04-2024 11:08 AM
You can always try some geolocation if possible.
03-04-2024 11:09 AM
This is the second post on the same issue.
And my reply is the same.
Use shun or a control-plane ACL.
Did you check my previous reply?
MHM
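An added configuration example for the two suggestions in the replies above (not posted by anyone in the thread): an ACL bound to an interface with a plain `access-group` filters traffic passing through the ASA, while the `control-plane` keyword applies it to traffic addressed to the ASA itself, such as the AnyConnect portal. The interface name `outside`, the ACL and object-group names, and the 203.0.113.x addresses are constructed placeholders.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.

! Sources to block, kept in one group so the ACL stays short.
object-group network BLOCKED_SRC
 network-object host 203.0.113.10
 network-object host 203.0.113.25

! Weak: a normal interface ACL only sees through-the-box traffic,
! so connections to the ASA's own portal are not matched by it.
access-list OUTSIDE_IN extended deny ip object-group BLOCKED_SRC any
access-group OUTSIDE_IN in interface outside

! Corrected: the same deny applied to to-the-box traffic.
access-list CP_BLOCK extended deny ip object-group BLOCKED_SRC any
! Explicit permit so the intent for all other sources is visible in the config.
access-list CP_BLOCK extended permit ip any any
access-group CP_BLOCK in interface outside control-plane

! Alternative from the replies: shun a single source, then verify or remove it.
shun 203.0.113.10
show shun
no shun 203.0.113.10
```

After applying it, `show access-list CP_BLOCK` shows hit counts on the deny line, which confirms the blocked sources are being matched.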