10-06-2008 11:55 AM
Hello folks -
We have a large number of people who are using the Cisco VPN client to connect to the corporate network. VPN authentication is being done using a Cisco ACS Server. Protocol being used is TACACS+.
The issue we are running into is that when the Active Directory password expires, users are unable to VPN in.
Is there a way where password notification expiration can be configured using the VPN Client? Under the tunnel group on the ASA, there is a password-management command, but from the reading I have done, it sounds like that command cannot be used with AD.
Any help would be appreciated!!
10-07-2008 01:26 AM
To answer your question - no. The Cisco VPN client does not support this.
I had the same issue in a previous company - the solutions were:-
1) The employees came into the office once in a while.
2) The AD system sent out reminders
3) They rang a help desk to re-set the password - who could decide if they would change the password, especially if the user DID receive the notification of the password expiry reminder and ignored it :o)
After a few times, the users soon got the idea not to ignore the emails.
HTH
10-07-2008 10:31 AM
If you have an ASA and were using RADIUS, you can use the radius-with-expiry under the tunnel-group's ipsec-attributes. This is under the assumption that you have your accounts configured with RADIUS. I can't tell you if it runs with TACACS+ though.