Cisco Support Community
Community Member

ASA VPN and AD password expiration without VPN client


The setup is: VPN on ASA using MS IAS (MS-CHAP v2 with the 'user can change password...' option and MPPE 128-bit as encryption). The 'password management' option is set up on the ASA. Everything is working fine when we are using the VPN client (users can change their PIN/password after it expires), but the problem is with the clientless connection. It works fine, but when the password expires, users are prompted to change the password, but the password is not changed and the user cannot connect.

Q1: Is it possible to change an expired password using a clientless connection?

Q2: If so, what could be wrong?

Thanks for help,


Community Member

Re: ASA VPN and AD password expiration without VPN client

Sorry for "piggybacking" on your post, but I have been trying to get this working for a few weeks now. I tried using LDAP to my AD server. The problem with that is that it requires secure LDAP, and I am not ready to venture down that road until I get a better understanding of what implications it will have on my server. To that end, if anyone has managed to get password changes working through an SSL VPN client, I would also appreciate any information on it. Thanks.
