Cisco ASA 5505 User Manual

Page 1460

67-34

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Figure 67-6

Active Directory—Enforce Password Complexity

Enforcing password complexity takes effect only when the user changes passwords; for example, when
you have configured Enforce password change at next login or Password expires in n days. At login, the
user receives a prompt to enter a new password, and the system will accept only a complex password.

Configuring the Connection Profile for RADIUS/SDI Message Support for the
AnyConnect Client

This section describes procedures to ensure that the AnyConnect VPN client using RSA SecureID
Software tokens can properly respond to user prompts delivered to the client through a RADIUS server
proxying to an SDI server(s). This section contains the following topics:

•

AnyConnect Client and RADIUS/SDI Server Interaction

•

Configuring the Security Appliance to Support RADIUS/SDI Messages

Note

If you have configured the double-authentication feature, SDI authentication is supported only on the
primary authentication server.

AnyConnect Client and RADIUS/SDI Server Interaction

When a remote user connects to the ASA with the AnyConnect VPN client and attempts to authenticate
using an RSA SecurID token, the ASA communicates with the RADIUS server, which in turn,
communicates with the SDI server about the authentication.

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series