69-69
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring Clientless SSL VPN Connections
Add or Edit Clientless SSL VPN Connections > Advanced
The Advanced menu items and their dialog boxes let you configure the following characteristics for this
connection:
• General attributes.
• Authentication attributes.
• Authorization attributes.
• Accounting attributes.
• Name server attributes.
• Clientless SSL VPN attributes.
Add or Edit Clientless SSL VPN Connections > Advanced > General
Use this dialog box to specify whether to strip the realm and group from the username before passing
them to the AAA server, and to specify password management options.
Fields
• Password Management—Lets you configure parameters relevant to overriding an account-disabled
indication from a AAA server and to notifying users about password expiration.
–
Enable notification password management—Checking this check box makes the following two
parameters available. You can select either to notify the user at login a specific number of days
before the password expires or to notify the user only on the day that the password expires. The
default is to notify the user 14 days prior to password expiration and every day thereafter until
the user changes the password. The range is 1 through 180 days.
Note This does not change the number of days before the password expires, but rather, it enables
the notification. If you select this option, you must also specify the number of days.
In either case, and, if the password expires without being changed, the ASA offers the user the
opportunity to change the password. If the current password has not yet expired, the user can
still log in using that password.
This parameter is valid for AAA servers that support such notification; that is, RADIUS,
RADIUS with an NT server, and LDAP servers. The ASA ignores this command if RADIUS or
LDAP authentication has not been configured.
–
Override account-disabled indication from AAA server—Overrides an account-disabled
indication from a AAA server.
Note Allowing override account-disabled is a potential security risk.
Modes
The following table shows the modes in which this feature is available: