Re: regarding VPN user password management on cisco ASA 5510
I don't think there is any way a VPN user can change the password (or the user account) after getting connected to the ASA, except maybe by telnet or SSH to the inside interface of the ASA, logging in to it and changing the password.
When a VPN client connects, the only thing that changes is that it can access the remote internal networks, including the ASA's inside interface. If a user on the VPN client wants to log in to the ASA, he still needs to authenticate to it.
regarding VPN user password management on cisco ASA 5510
Just finished researching this, and came to the conclusion that there are only a few limited options:
-Cisco ACS VMware "device"
-Cisco ACS appliance
-Microsoft AD database with LDAP integration to ASA
-Microsoft AD database with RADIUS integration to ASA
I have configured ACS + RADIUS + AD, but this was on older ACS software, where ACS only supported UCP. Now it appears that ACS 5.X supports change password from its local database (not the ASA), so you don't need to pass this to M$ AD. Cisco really needs to develop the code to do PWD change on the ASA local user accounts option. That would help smaller organizations with 10-30 accounts, for example.