Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
807
Views
0
Helpful
1
Replies

Block source of repeat radius authentication failure in ISE

Ricky S
Level 3
Level 3

‎03-08-2024 06:23 PM

Good evening,  is there a way to create a policy in ISE where it automatically adds the source IP address of repeat failed authentication attempts to a block list?  If someone was running a dictionary attack against one of our VPN gateways (ASA), I would think there would be some way to add that IP in a block list automatically rather than just being sitting ducks?

Labels:
0 Helpful
1 Reply 1

Pulkit Mittal
Spotlight
Spotlight

‎03-08-2024 10:40 PM

Hi Ricky,

I don't think there is a direct way of doing that from ISE, however, what you can do is configure FTD control plane ACL as mentioned in below post from Rob since I believe you might be looking at same failure logs.

https://community.cisco.com/t5/network-security/block-ip-addresses-that-try-to-brute-force-into-vpn/td-p/4823779

https://integratingit.wordpress.com/2021/06/26/ftd-control-plane-acl/

If you find this useful, please mark it helpful and accept the solution.

0 Helpful
Customers Also Viewed These Support Documents