Currently, Cisco IOS Easy VPN clients send the username and password values to the EasyVPN Server, which in turn sends them to the authentication, authorization, and accounting (AAA) subsystem. The AAA subsystem generates an authentication request to the RADIUS server. If the password has expired, then the RADIUS server replies back with an authentication failure.
The reason for the failure is not passed back to AAA subsystem, so the user is denied access because of authentication failure but does not know that the failure is due to password expiry.
In order to resolve this issue, upgrade the router to Cisco IOS Software Release 12.4(6)T.
With release of Cisco IOS Software Release 12.4(6)T, the AAA Password Expiry infrastructure notifies the Easy VPN client that the password has expired, and provides a generic way for the user to change the password.
hi all i want to send the firepower user-ip-mapping informations as syslog to Palo Alto, and then we will use the syslog parser to get usernames in Palo Alto. how i send only user traffic or user activity logs as syslog on FMC or Sensor ?&...
Hello, Is there any way to increase the limit of 5 concurrent ssh sessions in a Cisco ASA ?I have tried increasing the quota-management session limit but still the ssh sessions are limited to 5. Thanks.
I understand the default setting for AMP4E for servers is without DFC and in audit mode and SP and exploit prevention turned on. How does that provide protection against buffer overflows etc targeted at the server ? A lot of times servers are e...
Recently lost the ability to SSH/ASDM into the active ASA - any suggestions ?CS-FW1/stby/sec# sho run | i sshaaa authentication ssh console LOCALno ssh stricthostkeycheckssh 10.50.0.0 255.255.0.0 insidessh timeout 30ssh key-exchange group dh-group1-sha1!C...
Keep seeing this in the Syslog for my Cisco ASA 5506-X: %ASA-2-106016: Deny IP spoof from (::) to XXXX::X:XXXX:d327 on interface inside_3. Repeats 3 times in a row at what seems to be random intervals. What does this mean? From what I unde...