
Password Resets Cisco ISE and Cisco ASA issue

JonMoss92624
Level 1

Hi all, I've recently set up Cisco AnyConnect on a Cisco 5525X appliance running ver 9.14(1)10. I'm using RADIUS via Cisco ISE v2.7, which is connecting to Active Directory.

 

I've come to configure password resets for users with expired passwords. I have done this by enabling "password management" in the tunnel-group/Connection Profile. The prompt correctly appears and allows the users to change their password on clientless or via the AnyConnect client. However, as soon as they do this they can no longer authenticate; they get 'authentication failed'. If I remove the command "password-management" in the tunnel-group/Connection Profile then they can log in with no problem.

 

We are using secondary authentication with an RSA appliance.

In the ASA logs I can see the AAA user authentication Rejected : reason = AAA failure : server = 10.0.110.10 : user = ***** : user IP = *.*.*.*

 

When I check the RADIUS logs on Cisco ISE, they show up as authentication passed at all times.

 

There is nothing in the logs of the RSA appliance.

 

 

Any thoughts appreciated

 

 
