Cisco Support Community

Regarding VPN user password management on Cisco ASA 5510

Can any VPN user change their user account password, which is configured in the local database of the ASA 5510, through the tunnel?

  • VPN
3 REPLIES
Cisco Employee

Re: regarding VPN user password management on cisco ASA 5510

Hi Manish,

I don't think there is any way a VPN user can change the password (or the user account) after getting connected to the ASA, except maybe by Telnet or SSH to the inside interface of the ASA, logging in to it and changing the password.

When a VPN client connects, the only thing that changes is that it can access the remote internal networks, including the ASA's inside interface. If a user on a VPN client wants to log in to the ASA, he still needs to authenticate to it.

Let me know if this helps,

Cheers,

Rudresh V

New Member

Re: regarding VPN user password management on cisco ASA 5510

Hello,

I don't think there is a procedure to let the users change their own password on the ASA local DB.

You can find this option with the UCP application in the Cisco Secure ACS, and if you have more than a few users to manage, I think you need some RADIUS server.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080094e7b.shtml

Regards,

Marco.

New Member

regarding VPN user password management on cisco ASA 5510

Just finished researching this, and came to the conclusion that there are only a few limited options:

- Cisco ACS VMware "device"
- Cisco ACS appliance
- Microsoft AD database with LDAP integration to ASA
- Microsoft AD database with RADIUS integration to ASA

I have configured ACS + RADIUS + AD, but this was on older ACS software, where ACS only supported UCP. Now it appears like ACS 5.X supports change password from its local database (not the ASA), so you don't need to pass this to M$ AD. Cisco really needs to develop the code to do PWD change on the ASA local user accounts option. That would help smaller organizations with 10-30 accounts, for example.
