webvpn Unknown/Rejected repeated log in attempts?

de.101
Level 1

During ASA/VPN troubleshooting, while running debug webvpn, I noticed a number of rejected webvpn login attempts with different user names (log below). These login attempts are not from any of our staff members. I assume these are not from the AnyConnect client, and that they are attempting to connect via Clientless SSL VPN (WebVPN)? Just to add that the ASA portal login page is shut down.

How would I go about checking what IP the rejected connection attempts are coming from?

 

webvpn_portal.c:ewaFormSubmit_webvpn_login[3827]
webvpn_portal.c:webvpn_login_validate_net_handle[2579]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2599]
webvpn_portal.c:webvpn_login_assign_app_next[2617]
webvpn_portal.c:webvpn_login_cookie_check[2633]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2679]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2712]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2783]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2838]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2918]
webvpn_portal.c:webvpn_login_negotiate_client_cert[3054]
webvpn_portal.c:webvpn_login_check_cert_status[3164]
webvpn_portal.c:webvpn_login_cert_only[3246]
webvpn_portal.c:webvpn_login_saml_only[3274]
webvpn_portal.c:webvpn_login_primary_username[3310]
webvpn_portal.c:webvpn_login_primary_password[3460]
webvpn_portal.c:webvpn_login_secondary_username[3488]
webvpn_portal.c:webvpn_login_secondary_password[3573]
webvpn_portal.c:webvpn_login_extra_password[3622]
webvpn_portal.c:webvpn_login_set_cookie_flag[3641]
webvpn_portal.c:webvpn_login_set_auth_group_type[3664]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
webvpn_portal.c:webvpn_login_aaa_resuming[3685]
webvpn_auth.c:http_webvpn_post_authentication[1362]
WebVPN: user: (Administrator) rejected.
webvpn_remove_auth_handle: auth_handle = 550
http_webvpn_post_authentication[1456] ewsContextSendReply(WEBVPN_PAGE_LOGIN)
http_webvpn_post_authentication[1596] -> NULL
webvpn_portal.c:webvpn_login_aaa_resuming[3723]
ewaFormSubmit_webvpn_login() -> redirect status=1 ret='NULL'
webvpn_free_auth_struct: net_handle = 0x00007f3fb9fd8bf0
webvpn_allocate_auth_struct: net_handle = 0x00007f3fb9fd8bf0
webvpn_free_auth_struct: net_handle = 0x00007f3fb9fd8bf0

webvpn_portal.c:ewaFormSubmit_webvpn_login[3827]
webvpn_portal.c:webvpn_login_validate_net_handle[2579]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2599]
webvpn_portal.c:webvpn_login_assign_app_next[2617]
webvpn_portal.c:webvpn_login_cookie_check[2633]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2679]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2712]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2783]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2838]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2918]
webvpn_portal.c:webvpn_login_negotiate_client_cert[3054]
webvpn_portal.c:webvpn_login_check_cert_status[3164]
webvpn_portal.c:webvpn_login_cert_only[3246]
webvpn_portal.c:webvpn_login_saml_only[3274]
webvpn_portal.c:webvpn_login_primary_username[3310]
webvpn_portal.c:webvpn_login_primary_password[3460]
webvpn_portal.c:webvpn_login_secondary_username[3488]
webvpn_portal.c:webvpn_login_secondary_password[3573]
webvpn_portal.c:webvpn_login_extra_password[3622]
webvpn_portal.c:webvpn_login_set_cookie_flag[3641]
webvpn_portal.c:webvpn_login_set_auth_group_type[3664]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
webvpn_portal.c:webvpn_login_aaa_resuming[3685]
webvpn_auth.c:http_webvpn_post_authentication[1362]
WebVPN: user: (admin) rejected.
webvpn_remove_auth_handle: auth_handle = 535
http_webvpn_post_authentication[1456] ewsContextSendReply(WEBVPN_PAGE_LOGIN)
http_webvpn_post_authentication[1596] -> NULL
webvpn_portal.c:webvpn_login_aaa_resuming[3723]
ewaFormSubmit_webvpn_login() -> redirect status=1 ret='NULL'
webvpn_free_auth_struct: net_handle = 0x00007f3fbc426cb0
webvpn_allocate_auth_struct: net_handle = 0x00007f3fbc426cb0
webvpn_free_auth_struct: net_handle = 0x00007f3fbc426cb0
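
An added example, not part of the original post and not Cisco code: a small Python parser that groups `debug webvpn` output like the above into one record per login form submission and tallies the rejected usernames. The function names and the `min_distinct` threshold are assumptions made for illustration; the debug lines shown carry no client address, so the tally is by username only.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the debug output in the post
# (shortened; usernames and handles are the ones shown in that output).
SAMPLE = """\
webvpn_portal.c:ewaFormSubmit_webvpn_login[3827]
WebVPN: user: (Administrator) rejected.
webvpn_remove_auth_handle: auth_handle = 550
ewaFormSubmit_webvpn_login() -> redirect status=1 ret='NULL'
webvpn_free_auth_struct: net_handle = 0x00007f3fb9fd8bf0

webvpn_portal.c:ewaFormSubmit_webvpn_login[3827]
WebVPN: user: (admin) rejected.
webvpn_remove_auth_handle: auth_handle = 535
webvpn_free_auth_struct: net_handle = 0x00007f3fbc426cb0
"""

START = re.compile(r"ewaFormSubmit_webvpn_login\[\d+\]")   # first line of a submission
REJECT = re.compile(r"^WebVPN: user: \((.*)\) rejected\.")
HANDLE = re.compile(r"^webvpn_remove_auth_handle: auth_handle = (\d+)")
NET = re.compile(r"net_handle = (0x[0-9a-fA-F]+)")

def parse_attempts(text):
    """Return one dict per login form submission found in the debug text."""
    attempts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if START.search(line):
            cur = {"user": None, "rejected": False, "auth_handle": None, "net_handle": None}
            attempts.append(cur)
        elif cur is not None:
            if m := REJECT.match(line):
                cur["user"], cur["rejected"] = m.group(1), True
            elif m := HANDLE.match(line):
                cur["auth_handle"] = int(m.group(1))
            elif m := NET.search(line):
                cur["net_handle"] = m.group(1)
    return attempts

def summarize(attempts, min_distinct=2):
    """Tally rejections; min_distinct is an assumed threshold for 'many names'."""
    rejected = Counter(a["user"] for a in attempts if a["rejected"])
    return {"rejected_total": sum(rejected.values()),
            "by_user": dict(rejected),
            "many_names": len(rejected) >= min_distinct}

if __name__ == "__main__":
    print(summarize(parse_attempts(SAMPLE)))
```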
