10-05-2010 03:00 AM
Can any VPN user change their user account password through the tunnel, which is configured on the local database of the ASA 5510?
10-05-2010 03:12 AM
Hi Manish,
I don't think there is any way a VPN user can change the password (or the user account) after getting connected to the ASA, except maybe by Telnet or SSH to the inside interface of the ASA, logging in to it and changing the password.
When a VPN client connects, the only thing that changes is that it can access the remote internal networks, including the ASA's inside interface. If a user on the VPN client wants to log in to the ASA, he still needs to authenticate to it.
Let me know if this helps,
Cheers,
Rudresh V
10-05-2010 04:37 AM
Hello,
I don't think there is a procedure to let the users change their own password on the ASA local DB.
You can find this option with the UCP application in the Cisco Secure ACS,
and if you have more than a few users to manage, I think you need some RADIUS server.
Regards,
Marco.
02-09-2012 09:12 AM
Just finished researching this, and came to the conclusion that there are only a few limited options:
- Cisco ACS VMware "device"
- Cisco ACS appliance
- Microsoft AD database with LDAP integration to ASA
- Microsoft AD database with RADIUS integration to ASA
I have configured ACS + RADIUS + AD, but this was on older ACS software, where ACS only supported UCP. Now it appears like ACS 5.X supports change password from its local database (not the ASA), so you don't need to pass this to M$ AD. Cisco really needs to develop the code to do PWD change on the ASA local user accounts option. That would help smaller organizations with 10-30 accounts, for example.