L2TP VPN client change password in ISE

Hi,

I use a Cisco router (at the edge) as a remote access VPN server for Windows clients (users connect from the Internet), and the router uses an AAA server (Cisco ISE 2.4) to authenticate users.
My problem:
How can remote access VPN users (L2TP over IPsec) change their password after they connect?
Can I use the Cisco ISE Guest Portal for this problem? If yes, how?
Thanks

balaji.bandi
VIP Master

Is this an AD integration or local users in ISE?

BB


Local users in ISE.

Rob Ingram
VIP Mentor

@hamidreza.taghipur You can create a MyDevices portal, they can change the password once logged into the portal. This will change their internal ISE password used for the VPN.

 

HTH

Thanks for the reply,

I created the device portal the same as the sample:

https://community.cisco.com/t5/network-access-control/ise-password-change-portal-ucp-with-my-devices-portal/m-p/3475680

But after connecting to the VPN, users cannot open the portal URL (https://ise ip:8443); it just shows a certificate error page. Should I create an authorization rule for this?

Rob Ingram
VIP Mentor

When you say certificate error, is it just that the users don't trust the certificate in use on that portal? If they just acknowledge the certificate error, they should be able to continue and the portal will be presented. If you don't want this error you could use a certificate signed by a public CA.

 

Provide a screenshot if that is not the case.

Excuse me,

What I meant by certificate error was "this is a blank page with a certificate error".

And I do not have the login / change password page.

Rob Ingram
VIP Mentor

So you created a mydevices portal using the example you provided?

Did you configure it to listen on port 8443 as you specified?

Provide screenshots of your mydevices portal configuration and the error you get.

I am sending screenshots of my config. I do not have any endpoint ID logs after the VPN clients connect, and no endpoint identity group.

Attachments: 1-Mydevice Portal11.png, 2-Mydevice Portal22.jpg, 3-endpoit.jpg, 4-client1.jpg, 5-client after accept proceed (unsafe).jpg

Rob Ingram
VIP Mentor

Under the portal configuration, click the portal test URL - use that url. Alternatively define an FQDN under the configuration, you'll need a DNS entry on your internal DNS server.

The problem could not be solved
