Cisco Systems OL-16647-01 Network Router User Manual


35-78
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Mapping Certificates to IPSec or SSL VPN Connection Profiles
Note: Allowing override account-disabled is a potential security risk.
Enable notification upon password expiration to allow user to change password—Checking this
check box makes the following two parameters available. You can choose to notify the user at
login either a specific number of days before the password expires or only on the day that the
password expires. The default is to notify the user 14 days prior to password expiration and
every day thereafter until the user changes the password. The range is 1 through 180 days.
Note: This does not change the number of days before the password expires; it only enables
the notification. If you select this option, you must also specify the number of days.
In either case, if the password expires without being changed, the security appliance offers
the user the opportunity to change the password. If the current password has not yet expired, the
user can still log in using that password.
This parameter is valid for AAA servers that support such notification; that is, RADIUS,
RADIUS with an NT server, and LDAP servers. The security appliance ignores this command
if RADIUS or LDAP authentication has not been configured.
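An added example, not from the Cisco guide: a Python check that reads exported running-config text and reports connection profiles that allow override account-disabled or have no password-expiration notification. It assumes these ASDM check boxes are stored as the CLI lines `override-account-disable` and `password-management [password-expire-in-days N]` under `tunnel-group <name> general-attributes`; the sample configuration and profile names are constructed.

```python
import re

# Constructed sample running-config text (illustrative, not from the guide).
SAMPLE_CONFIG = """\
tunnel-group SalesVPN general-attributes
 password-management password-expire-in-days 14
tunnel-group PartnerVPN type remote-access
tunnel-group PartnerVPN general-attributes
 override-account-disable
tunnel-group LegacyVPN general-attributes
 password-management
"""

HEADER = re.compile(r"^tunnel-group (\S+) general-attributes\s*$")
NOTIFY = re.compile(r"^password-management(?: password-expire-in-days (\d+))?$")
DEFAULT_NOTIFY_DAYS = 14  # guide's default; assumed to apply when no value is given

def audit_connection_profiles(config_text):
    """Map each connection profile to its override and notification settings."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        header = HEADER.match(raw)
        if header:
            current = profiles.setdefault(
                header.group(1), {"override_disabled": False, "notify_days": None})
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the sub-mode block
        elif current is not None:
            line = raw.strip()
            notify = NOTIFY.match(line)
            if line == "override-account-disable":
                current["override_disabled"] = True
            elif notify:
                current["notify_days"] = int(notify.group(1) or DEFAULT_NOTIFY_DAYS)
    return profiles

def findings(profiles):
    """Return sorted (profile, issue) pairs for a reviewer to follow up on."""
    out = []
    for name, settings in profiles.items():
        if settings["override_disabled"]:
            out.append((name, "override account-disabled is allowed"))
        if settings["notify_days"] is None:
            out.append((name, "no password-expiration notification"))
    return sorted(out)

if __name__ == "__main__":
    for name, issue in findings(audit_connection_profiles(SAMPLE_CONFIG)):
        print(f"{name}: {issue}")
```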
Modes
The following table shows the modes in which this feature is available:
Configuring Client Addressing for SSL VPN Connections
Use this window to specify the global client address assignment policy and to configure
interface-specific address pools. You can also add, edit, or delete interface-specific address pools using
this window. The table at the bottom of the window lists the configured interface-specific address pools.
Fields
Global Client Address Assignment Policy—Configures a policy that affects all IPSec and SSL VPN
Client connections (including AnyConnect client connections). The security appliance uses the
selected sources in order, until it finds an address:
    Use authentication server—Specifies that the security appliance should attempt to use the
    authentication server as the source for a client address.
    Use DHCP—Specifies that the security appliance should attempt to use DHCP as the source for
    a client address.
    Use address pool—Specifies that the security appliance should attempt to use address pools as
    the source for a client address.
Interface-Specific Address Pools—Lists the configured interface-specific address pools.
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
— —