Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7482
Views
15
Helpful
8
Replies

Cisco VPN client did not prompt to change password when Radius ID is due expired.

Go to solution
wjlee1989
Level 1
Level 1

‎09-05-2012 01:23 AM

Greetings, I would like to know what is causing Cisco VPN client software at user PC did not prompt to change password when their Radius ID's password is expiring/expired. I would also like to know what is the solution to work around it. Thanks in advance.

.-asd-.
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Javier Portuguez
Level 9
Level 9
In response to wjlee1989

‎09-14-2012 06:28 AM

Hi,

Is the "password-management" command configured?

For the password-expire feature to work in conjuction with Radius, that is all you need on the ASA.

Let me know.

Thanks.

View solution in original post

8 Replies 8

Go to solution
wjlee1989
Level 1
Level 1

‎09-10-2012 02:06 AM

Bumping my own thread, anyone can provide me answer?

.-asd-.
0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9

‎09-10-2012 05:39 AM

Hi Lee,

Could you please share the tunnel-group configuration?

Is the "password-management" command configured?

Please keep me posted.

Portu.

Go to solution
wjlee1989
Level 1
Level 1
In response to Javier Portuguez

‎09-10-2012 11:39 PM

Thanks for replying, currently we are using ASA 5520, with ASDM 6.4 console. The configurations you had mentioned is located in the firewall, or RADIUS server?

.-asd-.
0 Helpful

Go to solution
wjlee1989
Level 1
Level 1

‎09-14-2012 12:05 AM

Here is more details of the issue: After we have migrated VPN host from Concentrator to ASA5510, the user credentials are stored in RADIUS server, we have noticed when the VPN user's password expired and requires reset (or a few days before expiring), the VPN client will not prompt user to create new password and accept new credential, and they are stuck at the Username/Password prompt instead. Can anyone enlighten me how to solve this issue?

.-asd-.
0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to wjlee1989

‎09-14-2012 06:28 AM

Hi,

Is the "password-management" command configured?

For the password-expire feature to work in conjuction with Radius, that is all you need on the ASA.

Let me know.

Thanks.

Go to solution
wjlee1989
Level 1
Level 1
In response to Javier Portuguez

‎09-17-2012 06:59 PM

From the guide which I have studied, that it is the command 

"hostname(config-tunnel-general)# password-management"

is this correct? Is there a way I can view if it is being configured?

Regards.

.-asd-.
0 Helpful

Go to solution
wjlee1989
Level 1
Level 1

‎09-19-2012 01:39 AM

After setting the password-management configuration the VPN client is able to prompt user to input new PIN when it is expired. From the white paper the default prompt message will warn the user 14 days before expiring. Thanks for the help!

.-asd-.
0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to wjlee1989

‎09-19-2012 07:53 AM

Great news

Thanks for counting on us.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents