Currently, Cisco IOS Easy VPN clients send the username and password values to the EasyVPN Server, which in turn sends them to the authentication, authorization, and accounting (AAA) subsystem. The AAA subsystem generates an authentication request to the RADIUS server. If the password has expired, then the RADIUS server replies back with an authentication failure.
The reason for the failure is not passed back to AAA subsystem, so the user is denied access because of authentication failure but does not know that the failure is due to password expiry.
In order to resolve this issue, upgrade the router to Cisco IOS Software Release 12.4(6)T.
With release of Cisco IOS Software Release 12.4(6)T, the AAA Password Expiry infrastructure notifies the Easy VPN client that the password has expired, and provides a generic way for the user to change the password.
Let me try to explain it : On our ESA we have 2 data interfaces DATA : ipaddress ex 10.64.xx.101 appliaction mail interfaceDATA1 : ipaddess ex 10.64.xx.103 massmail interface On each data interface we have a listener DATA -...
Hi All,I am replacing an existing ASA 5525 device with new ASA 5525 FTD. All configuration need to migrate into new box. After successfully perform the migration (Using Firepower Migration Tool (FMT) and a temporary Virtual Firepower Management Cente...
Greetings I am using the cisco anyconnect client to access a vpn.The problem is that every 4 ~ 5 minutes the vpn simply disconnects me with the message: The secure gateway has terminated the VPN connection. The following message was receive...