Is it possible to deny an IP range from connecting and validating with the AnyConnect client, for example with Dynamic Access Policies for AnyConnect? I have a brute-force attack going on where the login from the AnyConnect client hits the RADIUS server, but I want to stop the connection directly when it hits the firewall.
If the brute-force attack is taking place from a single IP or a single range of IP addresses, then you can simply add an access list that will block that particular range. If, however, the addresses are unpredictable, then you can try limiting the maximum number of simultaneous connections that are allowed, use a random outside port on the ASA, or limit which IP addresses are allowed to connect. Some of these are detailed in more depth in the following Cisco community forum thread:
The thread has to do with RDP; however, the principles are the same. Let us know how you get along and if we can be of any more help!
I hope this has been helpful!
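To decide whether the failures come from "a single IP or a single range", as the answer above puts it, the rejected logins can be grouped by source address. The following is an added example, not part of the original thread: it counts AAA rejections per host and per /24 and prints matching ASA `access-list` deny entries. The log lines are constructed and assume the ASA syslog 113005 layout shown in the code; the thresholds and the ACL name `BLOCK-VPN-BRUTE` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

def _line(ip, user):
    # Constructed sample line, modelled on ASA syslog 113005 (assumed layout).
    return ("%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : "
            f"server = 10.0.0.5 : user = {user} : user IP = {ip}")

SAMPLE_LOG = "\n".join(
    [_line(f"198.51.100.{h}", "admin") for h in (4, 9, 23, 77) for _ in range(3)]
    + [_line("203.0.113.7", "test")] * 5      # one noisy host
    + [_line("192.0.2.10", "alice")]          # a single mistyped password
    + ["%ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = bob"]
)

USER_IP = re.compile(r"113005.*?user IP = (\d{1,3}(?:\.\d{1,3}){3})")

def failed_sources(log_text):
    """Count rejected authentications per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = USER_IP.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # regex matched something that is not a valid IPv4 address
    return counts

def block_candidates(counts, host_threshold=5, net_threshold=8, prefix=24):
    """Whole /prefix when failures are spread across it, otherwise single hosts."""
    per_net = Counter()
    for ip, n in counts.items():
        per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += n
    nets = {net for net, n in per_net.items() if n >= net_threshold}
    hosts = {ipaddress.ip_network(f"{ip}/32") for ip, n in counts.items()
             if n >= host_threshold and not any(ip in net for net in nets)}
    return sorted(nets | hosts)

def asa_deny_lines(networks, acl_name="BLOCK-VPN-BRUTE"):  # hypothetical ACL name
    return [f"access-list {acl_name} extended deny ip {n.network_address} {n.netmask} any"
            for n in networks]

if __name__ == "__main__":
    for cmd in asa_deny_lines(block_candidates(failed_sources(SAMPLE_LOG))):
        print(cmd)
```

On an ASA, traffic addressed to the firewall itself, such as AnyConnect logins, is filtered only by an ACL applied with the `control-plane` keyword on `access-group`; an ordinary interface ACL covers through-the-box traffic.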