
Local accounts for VPN users can't change their passwords.

kevin.joyce
Level 1

I have set up local users on my ASA that are allowed to connect over the AnyConnect VPN client. Unfortunately, these users are not able to change their own password through the VPN client. I have to manually tell users their passwords and reset them on the firewall. This is a security/confidentiality concern for me as well as the users. Can the functionality be added so an administrator can check a box that would prompt the user to change their password at the first login? We should also be able to expire local accounts after a certain period and/or on a certain date.

If there is a fix/workaround for this I would like to see it.

1 Reply

Marvin Rhoads
Hall of Fame

The ASA local password functionality is pretty limited. Cisco doesn't really intend for it to be used as the primary credential store for remote access users.

For AnyConnect users to be able to change their own password, you need to be using an external identity source (like Active Directory).

You can set an expiration date for local passwords but the ASA doesn't give the user any warning or notice of it - the password just stops working for them.