Solved

Is it possible to set changing VPN passwords with Cisco ASA?

Posted on 2008-06-19
Last Modified: 2012-05-05
Our remote workers use VPN to access the office. We set them up with a username and password on our Cisco ASA 5520, which they then use to connect via the Cisco VPN client.

At the moment the VPN account has a password that never changes. Is there a way to force changes to the password after a set expiration period?

OR ... another proposed idea ... is there any way we could implement a random password generator and a matching key fob password generator for users, which they would have to look at to get the current (often changing) password to get in?

Any help is most appreciated.
Question by:stemc
Accepted Solution

by:
Pete Long earned 250 total points
ID: 21820873
>> Is there a way to force changes to the password after a set expiration period?

Depends on how the username and password are being presented - are they stored on the local database (in the ASA), via RADIUS (Windows IAS), or via TACACS+?

If they are stored on the ASA then no - if they are stored in IAS or TACACS+ then yes :)
 

Author Closing Comment

by:stemc
ID: 31468699
Thanks Pete, they are stored on the ASA only. I'll have a read up on the other methods you mention,

regards

Ste

Expert Comment

by:Pete Long
ID: 21836815
No problem - if you want to go RADIUS/IAS there's a piece on my website :)
http://www.petenetlive.com/Tech/Firewalls/Cisco/c2svpnRADIUS.htm