07-06-2007 05:17 AM
I have a Cisco ASA 5510 that I used for VPN access. I have it set up to authenticate against AD for username and password. That all works fine; the problem is that if a user enters an incorrect password at VPN logon, it appears the ASA will try repeatedly to auth against AD... our AD policy is 3 failed attempts and the account is locked out. So the end result is that if a user enters an incorrect password, their account gets locked out. Anyone have a fix for this?
Thanks
07-16-2007 05:25 AM
Please click the URL below, which will help you use the Cisco ASA to configure authentication and authorization server groups on the Cisco PIX 500 Series Security Appliance.
07-16-2007 05:41 AM
I have it set up and working. Like I stated, if a user enters a wrong password, it will lock their account. I don't see anything in there that addresses my issue.
Thanks
08-28-2007 03:47 AM
Try configuring the maximum failed attempts under your AD policy (less than 3 attempts) for your AAA server group.
Configuration->Device Management->Users/AAA->Edit AAA server group->Max Failed Attempts
08-28-2007 07:25 AM
Hi,
If your Windows Account Policy is set to 3 failed attempts, then the account will lock if the user enters an incorrect password 3x.
However, you didn't mention how many times the user enters incorrect passwords.
If the user enters an incorrect password 3x and the account locks out, then you have two choices:
1. Set the account to unlock after 15 minutes (sample only), or
2. Set the failed attempts to higher than 3x
If the user actually enters an incorrect password 1x and the account locks out, there could be a problem with the ASA5510 setup.
In Windows 2003, I don't think you can disable account lockout.