ASA and VPN multiple login attempts from one ip with diffrent user accounts.

We have a ASA VPN server that authenticates to an ACS server. Over the past few days i have noticed multiple failed login attempts. The login attempts are using various names like, root, phone, admin, user, guest, administrator. My question is... would'nt they need my Group Name and Group password to even attempt to authenticate to the ACS?
 
LVL 2
djohnson104Asked:
Who is Participating?
 
rsivanandanCommented:
They already have it, otherwise the 2nd stage wouldn't have come.

2 types of authentication is required.

1. First Group authentication.

2. Second user authentication (Since you're seeing failure at this stage, it means that group is already known to the person)

3 chances again.

1. One of your employee is trying to knock stuff off

2. Somebody stole the pcf file (which has the group config and pretty much everything except for the user auth part) from a legit user without his knowledge.

3. Employees teenage kid is all excited about *hacking*...

Cheers,
Rajesh
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.