Group Policies - Cisco PIX 500 Series Configuration Manual

Chapter 30 Configuring Connection Profiles, Group Policies, and Users
Figure 30-6
Enforcing password complexity takes effect only when the user changes passwords; for example, when
you have configured Enforce password change at next login or Password expires in n days. At login, the
user receives a prompt to enter a new password, and the system will accept only a complex password.

Group Policies

This section describes group policies and how to configure them. It includes the following sections:
•
•
A group policy is a set of user-oriented attribute/value pairs for IPSec connections that are stored either
internally (locally) on the device or externally on a RADIUS server. The connection profile uses a group
policy that sets terms for user connections after the tunnel is established. Group policies let you apply
whole sets of attributes to a user or a group of users, rather than having to specify each attribute
individually for each user.
Enter the group-policy commands in global configuration mode to assign a group policy to users or to
modify a group policy for specific users.
The security appliance includes a default group policy. In addition to the default group policy, which you
can modify but not delete, you can create one or more group policies specific to your environment.
You can configure internal and external group policies. Internal groups are configured on the security
appliance's internal database. External groups are configured on an external authentication server, such
as RADIUS. Group policies include the following attributes:
•
•
OL-12172-03
Active Directory—Enforce Password Complexity
Default Group Policy, page 30-34
Configuring Group Policies, page 30-36
Identity
Server definitions
Cisco Security Appliance Command Line Configuration Guide
Group Policies
30-33