ASA VPN Auth problem

Unanswered Question
Jul 6th, 2007
User Badges:

I have CIsco ASA 5510 that I used for VPN access. I have it setup to Authenticate against AD for username and password. That all works fine, the problem is if a user enters an incorrcet password in VPN logon, it appears the ASA will try repeatly to auth against AD.....our AD policy is 3 failed attempts and account is locked out. So the end result is if a user enters an incorrect password, their account gets locked out. Anyone have a fix for this??


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
clark.d Mon, 07/16/2007 - 05:41
User Badges:

I have it setup and working, like I stated, if a users enters a wrong password, it will lock their account. I don't see anything in there that addresses my issue.


mj.jimenez Tue, 08/28/2007 - 03:47
User Badges:

Try configuring the maximum failed attemps under your AD policy (less than 3 attemps) for your AAA server group.

Configuation->Device Management->Users/AAA->Edit AAA server group->Max Failed Attemps

Danilo Dy Tue, 08/28/2007 - 07:25
User Badges:
  • Blue, 1500 points or more


If your Windows Account Policy is set to 3 failed attempts, therefore the account will lock if the user enters incorrect password 3x.

However, you didn't mentioned how many times the user enters incorrect passwords.

If the user aenters incorrect password 3x and the account locks out, then you have two choices;

1. Set the account unlock after 15minutes (sample only) or

2. Set the failed attempts to higher than 3x

If the user actually enters incorrect password 1x and the account locks out, there could be a problem with ASA5510 setup.

In Windows 2003, I don't think you can disable account lock out.


This Discussion