
VPN Client not prompting for domain

jimgrumbles
Level 1

I'm in the middle of doing some testing to migrate from a VPN 3005 to our ASA 5520s. I've got the basics working, however when connecting to the ASA it only prompts for the username and password. When I connect to the VPN 3005 it also prompts for the domain. Any idea how I can force it to prompt for domain on the ASA?

Both devices are authenticating to the same ACS server. For "Authenticate Using", the VPN 3005 is using RADIUS (Cisco VPN 3000) and the ASA is set to RADIUS (Cisco IOS/PIX). I have tried setting the ASA to utilize RADIUS (Cisco VPN 3000) as well but it still doesn't prompt for the domain.

Thanks for any help.

2 Replies

acomiskey
Level 10

You could add the command "password-management".

This will add the domain prompt and also allow password changes after expiration.

tunnel-group xxxxxxx general-attributes
 password-management

Forgot to reply but obviously by my vote you could probably tell this did the trick.

I guess that's what I get for using the GUI, always been a command line kind of person but I'm new to the ASAs. Guess I should muck around with the CLI stuff more once I get the basics working.

It looks like the password-management command is more for enforcing AD policies via the VPN and that the domain field appearing is just a side effect?

Regardless, thank you for the quick response.