Cisco ASA System Administrator account expiry

Colin Scales
Level 1

Hi,

I am looking for a way to set up a 90-day system administrator password expiry for my ASA post 8.3 firewall.

Essentially what I am trying to achieve is the following. Have the password expire after the set period, prompting the user to input a new password at the ASA prompt directly.

I have set up a RADIUS server on Windows 2008 for the authentication piece, but it does not allow for the prompt to change the password on the ASA once expired. This would require a system admin to log in to the Windows box to re-enable the said account.

My question and hope is that there is some way of doing this so that the ASA can populate the backend authentication node once the user has changed their password on the ASA CLI prompt and by doing so, restart the 90 day period.

Any input would be greatly appreciated.

Thanks.

4 Replies

pradypan
Cisco Employee

Hi Leo,

As per your query, I understand that you are looking to manage the passwords for administrator users on the ASA so that they have a lifetime value set. Password policies can be managed on the ASA from version 8.4.4.1 onwards.

Please refer to the document for the same. I think this will fulfil your requirement.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_aaa.html#wp1116630

Regards

Pradyumna

Hi Pradyumna,

Thank you for such a quick response.

I am running the following version of IOS

System image file is "disk0:/asa911-smp-k8.bin"

Unfortunately the command line does not allow for any password-policy type commands.

The only password command that appears to be allowed from global configuration mode is "password encryption aes"

What am I missing here?

Thanks again.

Hi Leo,

The feature was added on the 9.1.x train from version 9.1.2 onwards. You need to upgrade the ASA to the respective version in order to get support for the same.

The feature is not supported on version 9.1.1. Please find the release notes below for your reference as well.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-685480


Regards
Pradyumna

Hi Pradyumna,

Thank you so much for your guidance on this query. It has been very helpful.

I think that I will have to go with an AD RADIUS solution that will authenticate against Windows security policies. This will allow me to change the user password for my ASA and switches by changing my Windows password. Got to do it this way as I need a 90-day timeout with a prompt for password at the end of the 90 days. Windows gives me this.

Again Pradyumna, thank you for your help on this.

Regards,

Leo
