
Cisco ANYCONNECT VPN Active Directory User Password Expiration

john.cabrera
Level 1

Hi Guys,

I need help regarding this problem. I have a Cisco ASA5510 firewall that has SSL Web VPN functionality and is utilizing an AD server as the authentication server for users. However, we have a policy to change passwords at a certain point in time. Users in the office have no problem. They just log in to their PC and change the password. Users outside of the office are a pain when their password is expired. Is it possible for them to change their AD password thru VPN using Cisco AnyConnect? If yes, can you show me how?

Regards,

JOHN

2 Replies

Jennifer Halim
Cisco Employee

Yes, you can configure the "password-management" command.

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1879916

Hope that helps.

Jatin Katyal
Cisco Employee

If your AD is acting as an LDAP server and listening on port TCP 636, then this is what you need to configure:

http://www.jjohnstonit.com/wp/2011/12/cisco-asa-vpn-ldap-password-management.

However, if AD is acting as a RADIUS server (like MS IAS or NPS), then you just need to issue "password-management" under the respective tunnel-group on the ASA.

The only difference between the two setups is that with LDAP, the end user will get a warning before the password expires, and with RADIUS the user will be prompted to change the password on the very last day.

Let us know if you have any doubt.

Regards,

Jatin

~Jatin
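
The two setups described in the replies above, sketched as ASA configuration. This is an added example, not part of the original posts or taken from the linked pages. The server-group names, tunnel-group names, IP addresses, DNs, the 14-day warning window and the bracketed secrets are all constructed placeholders.

```text
! Added example with constructed values; adapt names, addresses and DNs.
!
! Variant 1: AD queried directly as an LDAP server over SSL (TCP 636).
! AD only accepts password changes over an encrypted LDAP session,
! which is why the reply calls out port 636.
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-account-password>
!
tunnel-group ANYCONNECT-LDAP general-attributes
 authentication-server-group LDAP_AD
 ! With LDAP the user is warned ahead of expiry (here 14 days before).
 password-management password-expire-in-days 14
!
! Variant 2: AD reached through a RADIUS server (MS IAS or NPS).
aaa-server RADIUS_NPS protocol radius
aaa-server RADIUS_NPS (inside) host 192.0.2.20
 key <radius-shared-secret>
!
tunnel-group ANYCONNECT-RADIUS general-attributes
 authentication-server-group RADIUS_NPS
 ! With RADIUS the user is prompted only once the password has expired.
 password-management
```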