Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Radius with password expiry

We are trying to implement radius with password expiry using Cisco ACS 3.0 and VPN 3030.We are using version 3.5 for both concentrator and client. We have made config similar to the sample config in site.When password expiry happens,the prompt comes for changing the password and confirming password.When we provide that info,it tries to access gateway and after sometime we get "remote peer terminated connection".But after 10 mins the password has changed in the network.

Does it take 10 mins to change the password in Win2k ADC. Does it not give a message in VPN client that the password has changed. We have installed ACS in Win2k member server and authentication works fine with external Win2k database.Can someone provide us a solution.


Re: Radius with password expiry

I had run into the same problem... I was getting the very same error message. The workaround turned out to be pretty simple. Adjust the RADIUS/TACACS timeout on the concentrator to a time greater than what it is taking to talk to the domain controller and to confirm the change. This value should be something between 10 to 30 seconds... guess you'll have to figure that out by hit and trial.