local vpn accounts

esossamon · ‎11-12-2008

Is their a way on the ASA running 8.0 code to set a local account to expire on a certain date?

JORGE RODRIGUEZ · ‎11-12-2008

I do not believe there is such feature on any ASA code as to time based local account expiration, you would have to use 3rd party like Cisco Secure Access Control Server (ACS) where you can have that feature / manage all accounts expiration dates etc..

have a look here

http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

Rgds

Jorge

Jorge Rodriguez

pjscott13 · ‎11-12-2008

Hi,

I am running an ASA with version 7.0 and I have a user account that is set to expire. Example code:

1. First create a new Time Range, eg:

time-range {time range name}

absolute end 18:00 29 November 2008

2. Assign the Time range to the VPN user, eg:

username {vpn username} attributes

vpn-access-hours value {time range name (as above)}

This works for me! Hope it helps!

JORGE RODRIGUEZ · ‎11-12-2008

Phillip, your post is upsolutely correct applicable to RA vpn, perhaps if original poster could specify whether he meant RA vpn client local account access expiration date or local account expiration as a whole meaning no access to asa from the inside for management as I have understood. If RA vpn your answer is correct.

Rgds

Jorge

Jorge Rodriguez

esossamon · ‎11-13-2008

yes I did mean RA vpn client local accounts. I've tested this and it works great. Thanks Phillip!!!

pjscott13 · ‎11-13-2008

glad to have helped!