RADIUS with Expiry Using MS IAS on ASA5520

Unanswered Question
Jan 21st, 2010
User Badges:

I currently have a Cisco VPN 3000 configured to Authenticate Windows Active Directory users. When these users' password is about to expire, it prompts them to change it.  I cant seem to find the configuration to mimic this on the ASA5520.  I need to have 64BIT OS support on the ASA otherwise I would have stuck with the VPN3000 as it's doing it's job quite well.Does anyone know how to configure the same feature on the ASA5520?


Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Wed, 01/27/2010 - 09:46
User Badges:
  • Cisco Employee,

Paul,


The support for password expiration on the ASA with radius is defined with the command "password management" under the tunnel group where the client connects, as well you need to enable mschap v2 as the authenticating protocol under the ppp settings for tha tunnel group and you need to make sure tha the radius is configured for mschapv2 too. See the following link:


http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1879916



As for 64bit support, the remote access that supports this OS platform is Anyconnect see the following link too:


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html


hth

Ivan

Actions

This Discussion