
L2TP VPN client change password in ISE

Hi

I use a Cisco router (at the edge) as a remote access VPN server for Windows clients (users connect from the Internet), and the router uses an AAA server (Cisco ISE 2.4) to authenticate users.

My problem:
How can remote access VPN users (L2TP over IPsec) change their password after connecting?
Can I use the Cisco ISE Guest Portal for this problem? If yes, how?

Thanks


balaji.bandi
Hall of Fame

Is this an AD integration or local users in ISE?

BB


Local users in ISE

@hamidreza.taghipur You can create a MyDevices portal; they can change the password once logged into the portal. This will change their internal ISE password used for the VPN.

HTH

Thanks for the reply,

I created a device portal the same as the sample:

https://community.cisco.com/t5/network-access-control/ise-password-change-portal-ucp-with-my-devices-portal/m-p/3475680

But after connecting to the VPN, users cannot open the portal URL (https://ise ip:8443); it just shows a certificate error page. Should I create an authorization rule for this?

When you say certificate error, is it just that the users don't trust the certificate in use on that portal? If they just acknowledge the certificate error, they should be able to continue and the portal will be presented. If you don't want this error you could use a certificate signed by a public CA.

Provide a screenshot if that is not the case.

Excuse me,

What I meant by certificate error was "this is a blank page with a certificate error".

And I do not have the login change password page.

So you created a mydevices portal using the example you provided?

Did you configure it to listen on port 8443 as you specified?

Provide screenshots of your mydevices portal configuration and the error you get.

I am sending my config screenshots. I do not have any endpoint ID logs after the VPN clients connect, and no endpoint identity group.

Attachments: 1-Mydevice Portal11.png, 2-Mydevice Portal22.jpg, 3-endpoit.jpg, 4-client1.jpg, 5-client after accept proceed (unsafe).jpg

Under the portal configuration, click the portal test URL - use that url. Alternatively define an FQDN under the configuration, you'll need a DNS entry on your internal DNS server.

The problem could not be solved
