ASA VPN Auth problem

clark.d
Level 1

I have a Cisco ASA 5510 that I use for VPN access. I have it set up to authenticate against AD for username and password. That all works fine; the problem is that if a user enters an incorrect password at VPN logon, it appears the ASA will try repeatedly to auth against AD... our AD policy is 3 failed attempts and the account is locked out. So the end result is that if a user enters an incorrect password, their account gets locked out. Anyone have a fix for this?

Thanks

4 Replies

carenas123
Level 5

Please click the URL below, which will show you how to use the Cisco ASA to configure authentication and authorization server groups on the Cisco PIX 500 Series Security Appliance.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008060f261.shtml#maintask1

I have it set up and working. Like I stated, if a user enters a wrong password, it will lock their account. I don't see anything in there that addresses my issue.

Thanks

mj.jimenez
Level 1

Try configuring the maximum failed attempts under your AD policy (less than 3 attempts) for your AAA server group.

Configuration->Device Management->Users/AAA->Edit AAA server group->Max Failed Attempts

Danilo Dy
VIP Alumni

Hi,

If your Windows Account Policy is set to 3 failed attempts, then the account will lock if the user enters an incorrect password 3x.

However, you didn't mention how many times the user enters incorrect passwords.

If the user enters an incorrect password 3x and the account locks out, then you have two choices:

1. Set the account unlock after 15 minutes (sample only) or

2. Set the failed attempts to higher than 3x

If the user actually enters incorrect password 1x and the account locks out, there could be a problem with ASA5510 setup.

In Windows 2003, I don't think you can disable account lock out.
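
Added example, not part of the original thread: one way to tell the two cases in the last reply apart (a user typing a wrong password 3x versus the ASA replaying a single wrong password) is to look at how closely the failed logons for an account are spaced. The record format, the host names `asa5510` and `ws-042`, and the 5-second burst window are assumptions made for this sketch; the sample records are constructed.

```python
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                 # AD policy from the thread: 3 failed attempts
BURST_WINDOW = timedelta(seconds=5)   # assumption: a person cannot retype this fast

# Constructed sample, one failed logon per line: timestamp, account, source host
SAMPLE = """\
2024-01-10T09:00:01 alice asa5510
2024-01-10T09:00:02 alice asa5510
2024-01-10T09:00:03 alice asa5510
2024-01-10T09:10:00 bob asa5510
2024-01-10T09:10:40 bob asa5510
2024-01-10T09:11:30 bob asa5510
2024-01-10T09:20:00 carol asa5510
2024-01-10T09:20:01 carol ws-042
"""

def parse(text):
    """Yield (datetime, account, source) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, source = line.split()
        yield datetime.fromisoformat(ts), account, source

def classify(records, source="asa5510", threshold=LOCKOUT_THRESHOLD, window=BURST_WINDOW):
    """Return {account: verdict} for failed logons that came from `source`."""
    by_account = {}
    for ts, account, src in records:
        if src == source:
            by_account.setdefault(account, []).append(ts)
    verdicts = {}
    for account, times in by_account.items():
        times.sort()
        if len(times) < threshold:
            verdicts[account] = "below-threshold"
            continue
        # A run of `threshold` consecutive failures inside the window looks automated.
        burst = any(times[i + threshold - 1] - times[i] <= window
                    for i in range(len(times) - threshold + 1))
        verdicts[account] = "retry-burst" if burst else "user-retries"
    return verdicts

if __name__ == "__main__":
    for account, verdict in classify(parse(SAMPLE)).items():
        print(account, verdict)
```

A `retry-burst` verdict points at the appliance's AAA settings, while `user-retries` points at the lockout policy choices listed above.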
