https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726760#M13342 Try to create a new profile and see if its greyed out as well. I don't<BR />think this is related to multicontext.<BR /> Wed, 17 Oct 2018 04:44:00 GMT Mohammed al Baqari 2018-10-17T04:44:00Z https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726305#M13321 <P>So I configured Active-Active failover on my 5545 ASA's, and everything looks great other than 1 small thing - users cannot save passwords on their clients anymore. I "ticked" that in ASDM before, which is an equivalent to setting "password-storage enable" in the group policy attribues, but now the command is gone via SSH, and in ASDM it is greyed out wherever I can find it.</P> <P>&nbsp;</P> <P>Any ideas how I can "resurrect" the feature ?</P> <P>&nbsp;</P> <P>Thank you in advance !</P> Fri, 21 Feb 2020 16:21:33 GMT https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726305#M13321 mAcRoS 2020-02-21T16:21:33Z https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726760#M13342 Try to create a new profile and see if its greyed out as well. I don't<BR />think this is related to multicontext.<BR /> Wed, 17 Oct 2018 04:44:00 GMT https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726760#M13342 Mohammed al Baqari 2018-10-17T04:44:00Z https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726883#M13371 <P>This setting is usually in group policy, but I still created a new profile, which generated a new group policy, and the store password option is not there.</P> <P>&nbsp;</P> <P>I also did some investigations in the CLI, and the command is not available, and is not present in the&nbsp;DfltGrpPolicy&nbsp;</P> <PRE>FW/admin# sh run all group-policy DfltGrpPolicy group-policy DfltGrpPolicy internal group-policy DfltGrpPolicy attributes banner none wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 3 vpn-idle-timeout 30 vpn-idle-timeout alert-interval 1 vpn-session-timeout none vpn-session-timeout alert-interval 1 vpn-filter none vpn-tunnel-protocol ikev1 ikev2 ip-comp disable group-lock none pfs disable split-tunnel-policy tunnelall ipv6-split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none split-tunnel-all-dns disable client-bypass-protocol disable gateway-fqdn none msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable msie-proxy pac-url none msie-proxy lockdown enable vlan none address-pools none ipv6-address-pools none smartcard-removal-disconnect enable security-group-tag none periodic-authentication certificate none webvpn homepage none anyconnect ssl dtls enable anyconnect mtu 1406 anyconnect firewall-rule client-interface private none anyconnect firewall-rule client-interface public none anyconnect keep-installer installed anyconnect ssl keepalive 20 anyconnect ssl rekey time none anyconnect ssl rekey method none anyconnect dpd-interval client 30 anyconnect dpd-interval gateway 30 anyconnect ssl compression none anyconnect dtls compression none anyconnect modules none anyconnect profiles none anyconnect ssl df-bit-ignore disable anyconnect routing-filtering-ignore disable</PRE> <P>&nbsp;</P> <PRE>FW/admin(config-group-policy)# password-storage enable ^ ERROR: % Invalid input detected at '^' marker. FW/admin(config-group-policy)# FW/admin(config-group-policy)# password-storage ? ERROR: % Unrecognized command</PRE> <P>So it seems like this command is not available at all ?</P> <P>&nbsp;</P> <P>Here is version info, which would be helpful I guess</P> <PRE>FW/admin# sh version Cisco Adaptive Security Appliance Software Version 9.9(2) &lt;context&gt; Firepower Extensible Operating System Version 2.3(1.84) Device Manager Version 7.9(2) Compiled on Sun 25-Mar-18 17:39 PDT by builders FW up 12 hours 10 mins failover cluster up 4 days 17 hours Hardware: ASA5545, 12288 MB RAM, CPU Lynnfield 2659 MHz, 1 CPU (8 cores) ASA: 6455 MB RAM, 1 CPU (1 core) BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1) Boot microcode : CNPx-MC-BOOT-2.00 SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005 IPSec microcode : CNPx-MC-IPSEC-MAIN-0026 Number of accelerators: 1 Baseboard Management Controller (revision 0x1) Firmware Version: 2.4</PRE> <P>&nbsp;</P> Wed, 17 Oct 2018 09:36:52 GMT https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3726883#M13371 mAcRoS 2018-10-17T09:36:52Z https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3727863#M13390 <P>After switching back to single context the "password-storage enable" command is back in the group-policy and works as expected. Maybe I am missing something, but this setup is ok for me, so I will stick to single context and Active/Standby HA setup.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 18 Oct 2018 13:18:24 GMT https://community.cisco.com/t5/network-security/asa-5545-multiple-contexts-and-vpn-password-saving-on-client/m-p/3727863#M13390 mAcRoS 2018-10-18T13:18:24Z