I have a 3015 concentrator which supports a host of IPSEC users that I pass authentication to Active Directory (via Radius) in order to grant access. Works dandy, except when someone's password is about to expire. You get the 'your password will expire in 10 days' message when you login on the network, but not over VPN. I think I've asked before, and I know I've tried the 'radius with password expiry' setup, but I've never been able to make this work. Anyone have a success story in this area?