Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3121
Views
0
Helpful
3
Replies

cisco ASA 5516 - Password Policy

Go to solution
sahrizal123
Level 1
Level 1

‎10-04-2016 09:16 PM - edited ‎02-21-2020 05:55 AM

Hi,

If i configure lifetime 90 days.....before the password expired...

1. any notification during before password expired ?

2. The password related to local password VPN anyconnect as well ?

    anyconnect user can change their own password ...before expired at 90 days ?

3. Password policy feature dont have at 8.0(5)25  firmware ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-06-2016 06:35 AM

1. No

2. Yes - as long as you haven't checked the box at the bottom of that form.

3. For the expiration policy only - yes - that feature has been around since ASA 7.1(1). For the more full set of features (length, character types etc) - no. Those features were introduced in ASA Software Release 9.1(1).

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-06-2016 06:35 AM

1. No

2. Yes - as long as you haven't checked the box at the bottom of that form.

3. For the expiration policy only - yes - that feature has been around since ASA 7.1(1). For the more full set of features (length, character types etc) - no. Those features were introduced in ASA Software Release 9.1(1).

0 Helpful

Go to solution
sahrizal123
Level 1
Level 1

‎10-07-2016 12:56 AM

Thanks Marvin,

1. How to know when the password will expired ? all user need to remember manually ?

   Beacuse for windows server it will prompt warning before password expired....

2.  " Login Password Retry Lockout " can configure at ASA version 9.5(2) ? currently no radius server for credential all in local ASA

thank you :)

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to sahrizal123

‎10-08-2016 09:50 PM

sahrizal123  ,

Unfortunately the password management features when using the ASA local password storage are very limited.

Typically the admin sets the local user passwords and, yes, that admin needs to keep track manually of the expiry date.

One cannot set the retry lockout for local passwords.

Cisco recommends using an external AAA server like a RADIUS, LDAP, AD server etc. if you want those sort of features.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card