Cisco Support Community
Community Member

ASA VPN Auth problem

I have a Cisco ASA 5510 that I use for VPN access. I have it set up to authenticate against AD for username and password. That all works fine; the problem is that if a user enters an incorrect password in the VPN logon, it appears the ASA will try repeatedly to auth against AD... our AD policy is 3 failed attempts and the account is locked out. So the end result is that if a user enters an incorrect password, their account gets locked out. Anyone have a fix for this??

Thanks

4 REPLIES
Silver

Re: ASA VPN Auth problem

Please click the URL below, which explains how to use the Cisco ASA to configure authentication and authorization server groups on the Cisco PIX 500 Series Security Appliance.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008060f261.shtml#maintask1

Community Member

Re: ASA VPN Auth problem

I have it set up and working. Like I stated, if a user enters a wrong password, it will lock their account. I don't see anything in there that addresses my issue.

Thanks

Community Member

Re: ASA VPN Auth problem

Try configuring the maximum failed attempts under your AD policy (less than 3 attempts) for your AAA server group.

Configuration->Device Management->Users/AAA->Edit AAA server group->Max Failed Attempts

Re: ASA VPN Auth problem

Hi,

If your Windows Account Policy is set to 3 failed attempts, then the account will lock if the user enters an incorrect password 3x.

However, you didn't mention how many times the user enters incorrect passwords.

If the user enters an incorrect password 3x and the account locks out, then you have two choices:

1. Set the account to unlock after 15 minutes (sample only) or

2. Set the failed attempts to higher than 3x

If the user actually enters an incorrect password 1x and the account locks out, there could be a problem with the ASA5510 setup.

In Windows 2003, I don't think you can disable account lock out.
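
One way to tell the two cases in the last reply apart (three real mistakes versus one mistake re-sent by the device), added here as an example and not posted by anyone in the thread: group failed-logon records by account and source, and flag any group where the lockout threshold is reached within a few seconds. The record format, the account names and the `asa5510` source label are constructed assumptions, as is the 5-second window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed-logon records exported from the domain controller
# as "ISO timestamp,account,source host". Format and names are assumptions.
SAMPLE = """\
2024-01-10T09:00:01,alice,asa5510
2024-01-10T09:00:02,alice,asa5510
2024-01-10T09:00:03,alice,asa5510
2024-01-10T09:05:00,bob,asa5510
2024-01-10T09:06:10,bob,asa5510
2024-01-10T09:07:30,bob,asa5510
"""

def parse(text):
    """Yield (time, account, source) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1].lower(), parts[2].lower()
        except ValueError:
            continue

def retry_bursts(text, threshold=3, window_s=5):
    """Return {(account, source): [burst_start, ...]} where `threshold` failures
    land within `window_s` seconds, i.e. faster than a person retypes a password."""
    by_key = defaultdict(list)
    for ts, account, source in parse(text):
        by_key[(account, source)].append(ts)
    window = timedelta(seconds=window_s)
    bursts = {}
    for key, times in by_key.items():
        times.sort()
        found, i = [], 0
        while i + threshold <= len(times):
            if times[i + threshold - 1] - times[i] <= window:
                found.append(times[i])
                i += threshold  # do not count the same failures twice
            else:
                i += 1
        if found:
            bursts[key] = found
    return bursts

if __name__ == "__main__":
    for (account, source), starts in retry_bursts(SAMPLE).items():
        print(f"{account} via {source}: {len(starts)} burst(s), first at {starts[0]}")
```

In the sample, `alice` is flagged because three failures arrive in two seconds, while `bob`'s three failures over several minutes look like separate typed attempts and are not.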
