I need to force the Cisco VPN client to change his password on first login. In my setup I have the vpn client username locally created in a Cisco ACS 4.1 Database and we are stablishing the VPN Remote Access tunnel to a ASA5510 version 8.2.
So in ACS I went to password aging rules and clicked the Passsword expires on first login, then I tried to login and connect but then authentication failed with no pop up window to force the customer to change his password. When I see the ACS logs I can see that the password has expired, but I'm never asked to change the password on the vpn client.
I also have the password-management (previously radius-with-expiry) option enabled on the tunnel-group general attributes of the ASA5510.
So how can I enable the user to change his password and show pop-up window for him to change it?