Hello,
Currently I am using the Cisco AnyConnect VPN with the ASA5506 to access my internal network. However, there is a website that anybody can go to and log in to the VPN that way.
So the problem is that I can see in my logs that IPs from Russia and China are constantly hammering this connection. I’ve blocked these, which stopped them for a while, but now they are back, coming from a different country.
Is there a way to disable this website without breaking the VPN for legitimate use? Thank you.
ASDM: Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles
Select “Shutdown portal login page”
Apply
Do the same for Clientless if that is enabled.
I configured a VPN and used the command “vpn-tunnel-protocol ssl-client” to accept only connections from the AnyConnect client. This is under the group policy configuration. Sorry for my bad English.
I wonder how you ended up fixing the attack attempts? My ASA is a 5512; it is pretty old. I shut down the portal login page, but it didn’t help. I still get a bunch of login attempts from WebVPN.
Thank you for this information! Unfortunately I don’t have access to the GUI, only the command line.
Is there an alternative way to do this from the console? Thanks again.
Same thing here, disabling the portal didn’t help. We ended up switching to a pfSense IPsec VPN.
Best thing you can do since it is EOL is replace it ASAP. If not, make sure passwords are strong and implement 2FA if possible.
Never done it on the CLI but I think it’s:
webvpn
keepout "503:Service unavailable"
I’ll do some testing, thanks again!
Just wanted to say this command worked perfectly, appreciate the help.
Glad it helped and you reported that it worked. Someone else might look for that same info.