  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 571

Cisco ASA-5505 how to stop logon attempts to local database

We are experiencing a repeated attempt to log onto our Cisco ASA 5505's local AAA database. It is an obvious brute force attack from a single IP address. These attempts are causing huge problems with our internet access by simply pushing the CPU utilization on the firewall way up (to about 80%). I am trying to create an explicit Access Rule to block this IP from pushing ANY traffic to us. How can I do this from the ASDM interface? I would like to avoid the CLI for this if possible.

The attached TXT file contains the related entries from the Log Viewer. I have changed our IP address to 123.123.123.123.

Please help!
log-clean.txt
0
Asked by: lappladmin
1 Solution
 
Tommy5681 Commented:
What's your ASDM version?
0
 
lappladmin (Author) Commented:
ASDM: 6.4(5)206
ASA: 8.2(5)
0
 
Tommy5681 Commented:
Configuration-->Firewall-->Access rules
Add new Outside access rule
Source - 223.255.131.50
destination - any
service - IP
Action - deny
OK
Move the rule to the top of your list of entries
Apply

His attempts at access should just bounce off your outside interface.

Let me know.
0
 
lappladmin (Author) Commented:
I had done that but the attempts continue and those rules show no hits...
untitled.bmp
0
 
Ernie Beek Commented:
I took the liberty of cleaning the public IPs from your log file.

Regards,

Ernie
0
