cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2291
Views
1
Helpful
3
Replies

How to set cisco fmc anyconnect vpn limit login attempts?

Hi All,

After enabling the AnyConnect RA VPN, we encountered a brute password from outside. May I know if any setting on Cisco FMC can limit login attempts? even the web portal.

We are using Cisco DUO but are still worried the brute attack led to internet interruption, outage or some potential risk.

 

Thanks

 

1 Accepted Solution

Accepted Solutions

@chocolate2395777 yes that is the correct setting and it's enabled (as per your screenshot). So as long as you use IKEv2/IPSec then the FTD will use a cookie which the client initiator must return if the negotiation must proceed.

View solution in original post

3 Replies 3

@chocolate2395777 You can certainly do this if using IKEv2/IPSec, not sure about if you are using SSL/TLS for the RAVPN.

When using IKEv2 you can configuration cookie challenge, which will limit the number of in-negotiation SAs, useful in a DOS attack.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-remote-access.html

 

Hi Rob,

Thanks for your reply, I have set up the IPSec tunnel.

May I know the setting as below?

chocolate2395777_0-1694777038586.png

 

Thanks

@chocolate2395777 yes that is the correct setting and it's enabled (as per your screenshot). So as long as you use IKEv2/IPSec then the FTD will use a cookie which the client initiator must return if the negotiation must proceed.