[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 458
  • Last Modified:

ASA and VPN multiple login attempts from one ip with diffrent user accounts.

We have a ASA VPN server that authenticates to an ACS server. Over the past few days i have noticed multiple failed login attempts. The login attempts are using various names like, root, phone, admin, user, guest, administrator. My question is... would'nt they need my Group Name and Group password to even attempt to authenticate to the ACS?
 
0
djohnson104
Asked:
djohnson104
1 Solution
 
rsivanandanCommented:
They already have it, otherwise the 2nd stage wouldn't have come.

2 types of authentication is required.

1. First Group authentication.

2. Second user authentication (Since you're seeing failure at this stage, it means that group is already known to the person)

3 chances again.

1. One of your employee is trying to knock stuff off

2. Somebody stole the pcf file (which has the group config and pretty much everything except for the user auth part) from a legit user without his knowledge.

3. Employees teenage kid is all excited about *hacking*...

Cheers,
Rajesh
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now