Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1649
Views
0
Helpful
0
Comments

Password Expiry fails to work on the Cisco IOS router

TCC_2
Level 10
Level 10

on ‎06-22-2009 05:39 PM

Core issue

Currently, Cisco IOS Easy VPN clients send the username and password values to the EasyVPN Server, which in turn sends them to the authentication, authorization, and accounting (AAA) subsystem. The AAA subsystem generates an authentication request to the RADIUS server. If the password has expired, then the RADIUS server replies back with an authentication failure.

The reason for the failure is not passed back to AAA subsystem, so the user is denied access because of authentication failure but does not know that the failure is due to password expiry.

Resolution

In order to resolve this issue, upgrade the router to Cisco IOS  Software Release 12.4(6)T.

With release of Cisco IOS Software Release 12.4(6)T, the AAA Password Expiry infrastructure notifies the Easy VPN client that the password has expired, and provides a generic way for the user to change the password.

In order to download the suggested image, use the Cisco IOS Upgrade Planner.

Note: The Password Expiry feature is not supported on the hardware client.

Refer to AAA Password Expiry in Cisco IOS EasyVPN for more information.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents