Cisco VPN Client user can have the ability to expire passwords a change it?
Is it possible using ACS Internal Data Base allow users using a Cisco VPN Client the ability to expire passwords and prompt them to change?
We have implemented VPN access server on Cisco 2612 router for remote users. We are using RADIUS server (ACS for Windows V 3.0(1) - Internal Data Base) to authenticate the user and the VPN tunnel.
The user is connected to the same network that the 2612 ethernet interface. This go up the tunnel point to this interface (ethernet) using Cisco VPN Client.
Is there any way by which this user will get the prompt that his password is expired and he should be able to change the password while using the VPN client ???
Once the user password is expired, the user can not get in and the administrator has to reset the password.
This equipment (2612) also is VPN access server for dial-up user and I use CAA for this functionality and this work fine. I can see that the ACS send the expiration/change message using udp 7500 port, but for the VPN client user connected via ethernet
interface the ACS not send any message.
I can use CAA for no dial-up user using VPN Client?
Re: Cisco VPN Client user can have the ability to expire passwor
You need to at least ACS 3.X preferably ACS 3.1. Once you have ACS 3.X, you will need to configure ms-chap v2 password expiration in ACS, and choose "RADIUS with Expiry" on the VPN concentrator. Read on...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...