Is there a way you can block the source IP(s) before they get to the VPN endpoint?
*********************** Charlie Kaiser [email protected] Kingman, AZ *********************** > -----Original Message----- > From: David W. McSpadden [mailto:[email protected]] > Sent: Thursday, February 18, 2010 7:45 AM > To: NT System Admin Issues > Subject: Re: CISCO VPN Client > > I have Kiwi Syslogger setup to email me every failed attempt > to authenticate through the VPN. > It went from 2 or 3 a day from lusers to 2500 to 5000 a day > and all accounts I don't have in AD and all originating from > the VPN tunnel. > So disabling the tunnel didn't work, had to remove the > reference to the tunnel entirely. Now we are back to 2 or 3 a day. > > > From: Bob Fronk <mailto:[email protected]> > Sent: Thursday, February 18, 2010 9:25 AM > To: NT System Admin Issues > <mailto:[email protected]> > Subject: RE: CISCO VPN Client > > > How did you discover this was happening? > > > > From: David W. McSpadden [mailto:[email protected]] > Sent: Wednesday, February 17, 2010 1:30 PM > To: NT System Admin Issues > Subject: Re: CISCO VPN Client > > > > Ok. I am looking at that area under Remote VPN in > Configuration and someone has my VPN Client info and they are > trying a Brute Force Vocab attack to my AD's. So I have > moved all my users to AnyConnect and I am ready to remove the > VPN Client from the ASA or disable it... > > > > From: Jon Harris <mailto:[email protected]> > > Sent: Wednesday, February 17, 2010 1:24 PM > > To: NT System Admin Issues > <mailto:[email protected]> > > Subject: Re: CISCO VPN Client > > > > Why are you getting rid of the VPN client? You don't remove > it you disable it on the ASA. Just make sure all the rules > are correct for the ASA first. > > > > Jon > > On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden > <[email protected]> wrote: > > > > Actually on the ASA. I think I have it found now but I am > still testing. > > From: Jon Harris <mailto:[email protected]> > > Sent: Wednesday, February 17, 2010 12:10 PM > > To: NT System Admin Issues > <mailto:[email protected]> > > Subject: Re: CISCO VPN Client > > > > Remove it is the best, they install into the same root > directory under Program Files but have separate directories > under that. They are separate programs as Microsoft sees them. > > > > Jon > > On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden > <[email protected]> wrote: > > Anyone point me on how to Disable the old CISCO VPN Client > and leave the AnyConnect still enabled? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
