11-12-2008 09:35 AM
Is their a way on the ASA running 8.0 code to set a local account to expire on a certain date?
11-12-2008 01:51 PM
I do not believe there is such feature on any ASA code as to time based local account expiration, you would have to use 3rd party like Cisco Secure Access Control Server (ACS) where you can have that feature / manage all accounts expiration dates etc..
have a look here
http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html
Rgds
Jorge
11-12-2008 02:03 PM
Hi,
I am running an ASA with version 7.0 and I have a user account that is set to expire. Example code:
1. First create a new Time Range, eg:
time-range {time range name}
absolute end 18:00 29 November 2008
2. Assign the Time range to the VPN user, eg:
username {vpn username} attributes
vpn-access-hours value {time range name (as above)}
This works for me! Hope it helps!
11-12-2008 08:35 PM
Phillip, your post is upsolutely correct applicable to RA vpn, perhaps if original poster could specify whether he meant RA vpn client local account access expiration date or local account expiration as a whole meaning no access to asa from the inside for management as I have understood. If RA vpn your answer is correct.
Rgds
Jorge
11-13-2008 08:18 AM
yes I did mean RA vpn client local accounts. I've tested this and it works great. Thanks Phillip!!!
11-13-2008 02:06 PM
glad to have helped!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: