Cisco ASA 5505 Configuration Question

vage

Alright, so pretty specific question here that I'm pretty sure only a Cisco guru with experience in this will know.

I have a client that is using a Cisco ASA 5505 as their primary firewall. They all require VPN access. Right now, I have them set up to use the AD server on site as their RADIUS authentication server, so they can easily use their AD account for SSL VPN access.

Because of security requirements, we'd like to force the users to change their AD passwords every 90 days. The issue with this, however, is that some users ONLY VPN in, and are never in the physical building.

I'd like the SSL VPN to notify them to update their password when the expiration date hits, which it currently does not; it just says access denied. I know this is possible, because I am a VPN user for a Dell hosted environment that has this set up.

Add on top of this that one user is a Mac user, but we can cross that bridge when we get to it.

How do I set up the ASA to pass through that the user's password has expired and needs to be updated, and then pass back the updated password to the AD server?
 

vage

Looks like I need to make sure my AD server is also functioning as an LDAP server.
 