Optionally, you can configure the ASA to warn
end users when their passwords are about to expire.
The ASA supports password management for the
RADIUS and LDAP protocols. It supports the “password-expire-in-days” option for
You can configure password management for IPsec
remote access and SSL VPN tunnel-groups.
When you configure password management, the ASA
notifies the remote user at login that the user’s current password is about to
expire or has expired. The ASA then offers the user the opportunity to change
the password. If the current password has not yet expired, the user can still
log in using that password.
This command is valid for AAA servers that
support such notification.
The ASA, releases 7.1 and later, generally
supports password management for the following connection types when
authenticating with LDAP or with any RADIUS configuration that supports
AnyConnect VPN Client
IPsec VPN Client
Clientless SSL VPN
The RADIUS server (for example, Cisco ACS) could
proxy the authentication request to another authentication server. However,
from the ASA perspective, it is talking only to a RADIUS server.