Meraki

Community

High number of unsuccessful VPN connection attempts - how to handle this?

Sharif_Ibrahim
Comes here often
‎Sep 26 2019 11:46 AM
‎Sep 26 2019 11:46 AM

High number of unsuccessful VPN connection attempts - how to handle this?

Hi everybody, I am the new one 😉

 

We have several MXs with client VPN activated and I can see in the event a lot (even so much that the event log can´t handle it) of unsuccessfuls connection attempts, which partly lead to an DoS, which means the regular clients are not able to connect.

 

Has anyone else also seen this and is there are a way to block such attempts?

 

I am thinking about something like fail2ban, after a number of unsuccessfu attempts the originating IP is blocked away for a certein period of time...

 

 

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 26 2019 12:38 PM
‎Sep 26 2019 12:38 PM

Are they by chance from one specific country that you could block?

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Geo-IP_Based_F... 

In response to PhilipDAth
Sharif_Ibrahim
Comes here often
‎Sep 26 2019 11:08 PM
‎Sep 26 2019 11:08 PM

Hi Philip,

 

thanks for your reply, this is an interesting idea, but unfortunately we don´t have the advanced security licence in place.

 

Does anyone see something similar in his/her event log?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.