Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3052
Views
5
Helpful
2
Replies

ASA Local User Password Policy

Go to solution
SDKIM
Level 1
Level 1

‎01-02-2018 06:37 PM - edited ‎03-12-2019 04:52 AM

Hello,

 

I have two questions regarding ASA SSL VPN Local user password policy.

Q1. Currently there is no password policy predefined. But now I'd like to setup the local user password policy, e.g. lifetime 30days, Minimum length 8.

In this case, what will the previous users happen? they will still be able to login without any troubles? even it has less than 8digit password?

Q2. Is there any way for the users to change the password once the password lifetime is expired? (We are using the local users, not external AAA Server)

 

Any comment would be thanksful.

 

KIM

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-02-2018 09:54 PM

Hi

When setting the password policy, existing users will be able to connect with their old password. The policy applies on new password.

However, using local database won't allow users to change their password, it has to be initiated by an asa admin.
I highly recommend to move with a radius or ldap database. If you have AD server in your infrastructure, just leverage it or you can deploy a radius server at low cost; and have a real password management system (users will be able to get notified when password expires or change their password and their own)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

2 Replies 2

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-02-2018 09:54 PM

Hi

When setting the password policy, existing users will be able to connect with their old password. The policy applies on new password.

However, using local database won't allow users to change their password, it has to be initiated by an asa admin.
I highly recommend to move with a radius or ldap database. If you have AD server in your infrastructure, just leverage it or you can deploy a radius server at low cost; and have a real password management system (users will be able to get notified when password expires or change their password and their own)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
SDKIM
Level 1
Level 1
In response to Francesco Molino

‎01-02-2018 11:00 PM

Appreciate for your reply. Good Luck!!
0 Helpful
Customers Also Viewed These Support Documents