Solved: Cisco FTD Password Change

Imm · ‎01-27-2022

Hello,

We have cisco FTD which is integrated with Active Directory. Also there is configured Remote Access VPN (Anyconnect), Authentication done via AD User. There is problem with password change, when users password is expired, he cannot login into vpn, how I can configure password change through Anyconnect?

Thanks

Rob Ingram · ‎01-27-2022

@Imm if you are using LDAP rather than RADIUS, use LDAPS.

View solution in original post

balaji.bandi · ‎01-27-2022

Same way we do CTRL+ALT +delete and change the password ? is this not working ?

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎01-27-2022

@Imm Have you enabled Password Management under the AAA settings of the RAVPN Policy?

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/firepower_threat_defense_remote_access_vpns.html#id_manage_pwd

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/217437-configure-ftd-remote-access-vpn-with-msc.pdf

Imm · ‎01-27-2022

As I have discovered, I need to change type of integration from LDAP (port 389) to LDAP Over SSL (636)

Is it correct?

Rob Ingram · ‎01-27-2022

@Imm if you are using LDAP rather than RADIUS, use LDAPS.

Imm · ‎01-27-2022

I can't use Radius, I don't see Radius options in FMC

Rob Ingram · ‎01-27-2022

@Imm you can do RADIUS in FMC. In the Remote Access VPN configuration it's referred to as AAA, as per the screenshots in this link.

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/217437-configure-ftd-remote-access-vpn-with-msc.pdf

Imm · ‎01-27-2022

Yes, but version of my FMC is 6.6.4

Thanks.

Rob Ingram · ‎01-27-2022

@Imm RADIUS/AAA is supported in 6.6.4. Go to Objects > Object Management > RADIUS Server Group to define the RADIUS server and group. You reference this group under the AAA settings.

Imm · ‎01-27-2022

Yes, I see. Thanks!