
How to set Cisco FMC AnyConnect VPN limit login attempts?

chocolate2395777
Beginner

Hi All,

After enabling the AnyConnect RA VPN, we encountered a brute password from outside. May I know if any setting on Cisco FMC can limit login attempts? Even the web portal.

We are using Cisco DUO but are still worried the brute attack led to internet interruption, outage or some potential risk.

 

Thanks

 

3 Replies

@chocolate2395777 You can certainly do this if using IKEv2/IPSec, not sure if you are using SSL/TLS for the RAVPN.

When using IKEv2 you can configure cookie challenge, which will limit the number of in-negotiation SAs, useful in a DoS attack.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-remote-access.html

 

Hi Rob,

Thanks for your reply, I have set up the IPSec tunnel.

May I know the setting as below?

chocolate2395777_0-1694777038586.png

 

Thanks

@chocolate2395777 yes that is the correct setting and it's enabled (as per your screenshot). So as long as you use IKEv2/IPSec then the FTD will use a cookie which the client initiator must return if the negotiation must proceed.
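
The cookie exchange mentioned in the replies above is the IKEv2 mechanism from RFC 7296, section 2.6: once too many SAs are half-open, the responder answers IKE_SA_INIT with a cookie and commits no state until the initiator returns it from the same address. The Python below is an added illustration, not part of the thread and not Cisco's FTD implementation; the class name, the `threshold` parameter and the HMAC-SHA256 construction are assumptions.

```python
import hashlib
import hmac
import ipaddress
import os


class CookieResponder:
    """Responder side of the IKEv2 cookie exchange (RFC 7296, section 2.6)."""

    def __init__(self, threshold):
        self.threshold = threshold   # half-open SAs allowed before cookies are required
        self.half_open = 0           # SAs in negotiation (state is held for these)
        self.version = 0
        self.secrets = {0: os.urandom(32)}

    def rotate_secret(self):
        # Keep the previous secret so cookies issued just before rotation still verify.
        old = self.version
        self.version = (old + 1) % 256
        self.secrets = {old: self.secrets[old], self.version: os.urandom(32)}

    def _cookie(self, version, src_ip, spi_i, nonce_i):
        # RFC 7296 suggests <version> | Hash(Ni | IPi | SPIi | secret). Assumption here:
        # HMAC-SHA256 keyed with the secret, with the address length-framed.
        ip = ipaddress.ip_address(src_ip).packed
        msg = spi_i + bytes([len(ip)]) + ip + nonce_i
        mac = hmac.new(self.secrets[version], msg, hashlib.sha256).digest()
        return bytes([version]) + mac

    def _valid(self, cookie, src_ip, spi_i, nonce_i):
        if not cookie or cookie[0] not in self.secrets:
            return False
        expected = self._cookie(cookie[0], src_ip, spi_i, nonce_i)
        return hmac.compare_digest(cookie, expected)

    def handle_init(self, src_ip, spi_i, nonce_i, cookie=None):
        """Return ("PROCEED", None) or ("COOKIE", cookie) for an IKE_SA_INIT request."""
        under_load = self.half_open >= self.threshold
        if under_load and not self._valid(cookie, src_ip, spi_i, nonce_i):
            # Nothing is stored per peer: the initiator must echo this value back,
            # which proves it can receive packets at the claimed source address.
            return "COOKIE", self._cookie(self.version, src_ip, spi_i, nonce_i)
        self.half_open += 1          # negotiation state is committed only here
        return "PROCEED", None
```

The cookie only protects the responder's half-open SA table; it does not count or limit password attempts made after IKE_SA_INIT completes.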
