09-12-2023 10:18 PM
Hi All,
After enabling the AnyConnect RA VPN, we encountered a brute password from outside. May I know if any setting on Cisco FMC can limit login attempts, even for the web portal?
We are using Cisco DUO but are still worried the brute attack led to internet interruption, outage or some potential risk.
Thanks
09-13-2023 03:20 AM
@chocolate2395777 You can certainly do this if using IKEv2/IPSec, not sure about if you are using SSL/TLS for the RAVPN.
When using IKEv2 you can configure cookie challenge, which will limit the number of in-negotiation SAs, useful in a DoS attack.
09-15-2023 04:24 AM
Hi Rob,
Thanks for your reply, I have set up the IPSec tunnel.
May I know the setting as below?
Thanks
09-15-2023 05:23 AM
@chocolate2395777 yes that is the correct setting and it's enabled (as per your screenshot). So as long as you use IKEv2/IPSec then the FTD will use a cookie which the client initiator must return if the negotiation must proceed.
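The cookie exchange described in the replies above, as an added example that is not part of the thread and not Cisco's implementation: a toy responder that issues the stateless cookie from RFC 7296 section 2.6 once the number of in-negotiation SAs reaches a threshold. The class and function names, the SHA-256 hash choice and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class CookieResponder:
    """Toy IKEv2 responder (hypothetical, not FTD code) using RFC 7296 cookies."""

    def __init__(self, threshold):
        self.threshold = threshold    # in-negotiation SAs allowed before challenging
        self.half_open = set()        # (ip, spi_i) pairs that have state allocated
        self.version = 1              # identifies which secret produced a cookie
        self.secret = os.urandom(32)  # a real responder rotates this periodically

    def _cookie(self, ni, ip, spi_i):
        # Cookie = <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>)
        digest = hashlib.sha256(ni + ip.encode() + spi_i + self.secret).digest()
        return bytes([self.version]) + digest

    def handle_sa_init(self, ip, spi_i, ni, cookie=None):
        if len(self.half_open) >= self.threshold:
            expected = self._cookie(ni, ip, spi_i)
            if cookie is None:
                # Reply with the cookie and keep no per-request state.
                return ("COOKIE", expected)
            if not hmac.compare_digest(cookie, expected):
                # Wrong source address, nonce or SPI for this cookie.
                return ("DROP", None)
        # Below the threshold, or the initiator proved it receives our replies.
        self.half_open.add((ip, spi_i))
        return ("PROCEED", None)


def demo():
    """Run constructed IKE_SA_INIT requests and return the responder's actions."""
    r = CookieResponder(threshold=2)
    actions = []
    # Two constructed requests fill the in-negotiation table.
    for i in range(2):
        actions.append(r.handle_sa_init(f"198.51.100.{i}", os.urandom(8), os.urandom(32))[0])
    ni, spi = os.urandom(32), os.urandom(8)
    action, cookie = r.handle_sa_init("203.0.113.10", spi, ni)  # challenged
    actions.append(action)
    actions.append(r.handle_sa_init("203.0.113.10", spi, ni, cookie)[0])  # cookie returned
    actions.append(r.handle_sa_init("203.0.113.99", spi, ni, cookie)[0])  # other source IP
    return actions


if __name__ == "__main__":
    print(demo())
```
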