04-07-2004 07:19 AM - edited 03-10-2019 07:44 AM
Is it possible, using the ACS Internal Database, to give users of the Cisco VPN Client the ability to have their passwords expire and be prompted to change them?
We have implemented a VPN access server on a Cisco 2612 router for remote users. We are using a RADIUS server (ACS for Windows V 3.0(1) - Internal Database) to authenticate the user and the VPN tunnel.
The user is connected to the same network as the 2612 Ethernet interface. The user brings up the tunnel, pointing to this interface (Ethernet), using the Cisco VPN Client.
Is there any way by which this user will get a prompt that his password has expired, and be able to change the password while using the VPN client?
Once the user's password has expired, the user cannot get in and the administrator has to reset the password.
This equipment (2612) is also the VPN access server for dial-up users, and I use CAA for this functionality, which works fine. I can see that the ACS sends the expiration/change message using UDP port 7500, but for the VPN client user connected via the Ethernet interface the ACS does not send any message.
Can I use CAA for non-dial-up users using the VPN Client?
Thanks
04-14-2004 06:05 AM
You need at least ACS 3.X, preferably ACS 3.1. Once you have ACS 3.X, you will need to configure MS-CHAP v2 password expiration in ACS, and choose "RADIUS with Expiry" on the VPN concentrator. Read on...
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/rn301.htm#xtocid4
04-27-2004 04:34 AM
Hi,
We don't use a VPN concentrator. We use a Cisco 2612 router as the VPN server.
Can we configure "RADIUS with Expiry" on a Cisco 2612 router?
Thanks and regards.