JORGE RODRIGUEZ Wed, 11/12/2008 - 13:51
User Badges:
  • Green, 3000 points or more

I do not believe there is such feature on any ASA code as to time based local account expiration, you would have to use 3rd party like Cisco Secure Access Control Server (ACS) where you can have that feature / manage all accounts expiration dates etc..

have a look here

http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html



Rgds

Jorge

pjscott13 Wed, 11/12/2008 - 14:03
User Badges:

Hi,


I am running an ASA with version 7.0 and I have a user account that is set to expire. Example code:


1. First create a new Time Range, eg:


time-range {time range name}

absolute end 18:00 29 November 2008


2. Assign the Time range to the VPN user, eg:


username {vpn username} attributes

vpn-access-hours value {time range name (as above)}


This works for me! Hope it helps!


JORGE RODRIGUEZ Wed, 11/12/2008 - 20:35
User Badges:
  • Green, 3000 points or more

Phillip, your post is upsolutely correct applicable to RA vpn, perhaps if original poster could specify whether he meant RA vpn client local account access expiration date or local account expiration as a whole meaning no access to asa from the inside for management as I have understood. If RA vpn your answer is correct.



Rgds

Jorge


esossamon Thu, 11/13/2008 - 08:18
User Badges:

yes I did mean RA vpn client local accounts. I've tested this and it works great. Thanks Phillip!!!

Actions

This Discussion