
VPN Authentication issue

ethutchinson
Level 3

We are using AnyConnect version 4.7 on an ASA5515x. We have about 60 users set up with Local Accounts on the ASA for authentication. This is becoming a headache when we want to force a change of passwords for the users. I know the local user database method does not have the option to let users manage their own passwords. I really want to keep the VPN accounts separate from the internal AD accounts. What would be a good option for allowing the users to manage their own passwords while keeping the VPN accounts and internal AD accounts separate? RADIUS looks like the option to get this done but I have no experience with it. Can anyone offer some guidance?

Thanks

1 Reply

Mike.Cifelli
VIP Alumni
RADIUS is one valid option. Do you have ISE in your environment? What is the motivation to keep AD users separate from VPN user accounts? Anyways, if using RADIUS you will want to configure your VPN connection profile/s for AAA. If you desire to use certs & AAA, this is an option too. In that scenario you would perform cert auth at the ASA and username/pass against your AAA server (RADIUS), which could be local RADIUS accounts or mapped to AD.
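
The connection-profile setup described in the reply, as an added example that is not part of the original thread: an ASA configuration sketch that points an AnyConnect connection profile at a RADIUS server group, enables password management, and optionally layers certificate authentication on top. The group name `VPN-RADIUS`, profile name `VPN-USERS`, interface name `inside`, server address `192.0.2.10` and the shared-secret placeholder are all assumptions for illustration.

```cisco
! Added example; every name and address below is a placeholder.
!
! 1. Define a RADIUS server group and the server behind it.
aaa-server VPN-RADIUS protocol radius
aaa-server VPN-RADIUS (inside) host 192.0.2.10
 key <RADIUS-SHARED-SECRET>
 ! The ASA defaults to the legacy ports 1645/1646; set the
 ! standard ports explicitly if the server listens on them.
 authentication-port 1812
 accounting-port 1813
!
! 2. Point the connection profile (tunnel group) at that group.
!    Appending LOCAL keeps the local database as a fallback only
!    when the RADIUS server does not respond.
tunnel-group VPN-USERS general-attributes
 authentication-server-group VPN-RADIUS LOCAL
 ! With RADIUS, password-management makes the ASA use MS-CHAPv2,
 ! so an expired password can be changed from the AnyConnect
 ! prompt. The RADIUS server must support MS-CHAPv2 password
 ! change for this to work.
 password-management
!
! 3. Optional: require a client certificate in addition to the
!    username/password checked against RADIUS.
tunnel-group VPN-USERS webvpn-attributes
 authentication aaa certificate
```

After applying it, `test aaa-server authentication VPN-RADIUS host 192.0.2.10 username <user> password <password>` from the ASA CLI confirms the server answers before any users are moved off the local database.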