Cisco VPN Client user can have the ability to expire passwords a change it?

asarlo · ‎04-07-2004

Is it possible using ACS Internal Data Base allow users using a Cisco VPN Client the ability to expire passwords and prompt them to change?

We have implemented VPN access server on Cisco 2612 router for remote users. We are using RADIUS server (ACS for Windows V 3.0(1) - Internal Data Base) to authenticate the user and the VPN tunnel.

The user is connected to the same network that the 2612 ethernet interface. This go up the tunnel point to this interface (ethernet) using Cisco VPN Client.

Is there any way by which this user will get the prompt that his password is expired and he should be able to change the password while using the VPN client ???

Once the user password is expired, the user can not get in and the administrator has to reset the password.

This equipment (2612) also is VPN access server for dial-up user and I use CAA for this functionality and this work fine. I can see that the ACS send the expiration/change message using udp 7500 port, but for the VPN client user connected via ethernet

interface the ACS not send any message.

I can use CAA for no dial-up user using VPN Client?

Thanks

umedryk · ‎04-14-2004

You need to at least ACS 3.X preferably ACS 3.1. Once you have ACS 3.X, you will need to configure ms-chap v2 password expiration in ACS, and choose "RADIUS with Expiry" on the VPN concentrator. Read on...

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/rn301.htm#xtocid4

asarlo · ‎04-27-2004

Hi,

we don't use VPN concentrator. We use a cisco 2612 router as VPN server.

We can configure "Radius with Expiry" in cico 2612 router?

Thanks and regards.