We are trying to implement RADIUS with password expiry using Cisco ACS 3.0 and VPN 3030. We are using version 3.5 for both concentrator and client. We have made config similar to the sample config in site. When password expiry happens, the prompt comes for changing the password and confirming password. When we provide that info, it tries to access gateway and after some time we get "remote peer terminated connection". But after 10 mins the password has changed in the network.
Does it take 10 mins to change the password in Win2k ADC? Does it not give a message in VPN client that the password has changed? We have installed ACS in Win2k member server and authentication works fine with external Win2k database. Can someone provide us a solution?
I had run into the same problem... I was getting the very same error message. The workaround turned out to be pretty simple. Adjust the RADIUS/TACACS timeout on the concentrator to a time greater than what it is taking to talk to the domain controller and to confirm the change. This value should be something between 10 and 30 seconds... guess you'll have to figure that out by hit and trial.