64-84
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Note Allowing override account-disabled is a potential security risk.
–
Enable notification upon password expiration to allow user to change password—Checking this
check box makes the following two parameters available. You can select either to notify the user
at login a specific number of days before the password expires or to notify the user only on the
day that the password expires. The default is to notify the user 14 days prior to password
expiration and every day thereafter until the user changes the password. The range is 1 through
180 days.
Note This does not change the number of days before the password expires, but rather, it enables
the notification. If you select this option, you must also specify the number of days.
In either case, and, if the password expires without being changed, the adaptive security
appliance offers the user the opportunity to change the password. If the current password has
not yet expired, the user can still log in using that password.
This parameter is valid for AAA servers that support such notification; that is, RADIUS,
RADIUS with an NT server, and LDAP servers. The adaptive security appliance ignores this
command if RADIUS or LDAP authentication has not been configured.
This feature requires the use of MS-CHAPv2.
Modes
The following table shows the modes in which this feature is available:
Configuring Client Addressing
To specify the client IP address assignment policy and assign address pools to all IPsec and SSL VPN
connections, choose Config > Remote Access VPN > Network (Client) Access > IPsec or SSL VPN
Connections > Add or Edit > Advanced > Client Addressing. The Add IPsec Remote Access Connection
or Add SSL VPN Access Connection opens. Use this dialog box to add address pools and assign them
to interfaces, and view, edit, or delete them. The table at the bottom of the dialog box lists the configured
interface-specific address pools.
To understand the fields in this dialog box or its descendent dialog boxes, see the sections that follow
this one. You can view or change the configuration of address pools and their assignment to interfaces,
as follows:
• To view or change the configuration of address pools, click Add or Edit in the Add IPsec Remote
Access Connection or Add SSL VPN Access Connection dialog box. The Assign Address Pools to
Interface dialog box opens. This dialog box lets you assign IP address pools to the interfaces
configured on the adaptive security appliance. Click Select. The Select Address Pools dialog box
opens. Use this dialog box to view the configuration of address pools. You can change their address
pool configuration as follows:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
Need help?
General
