Cisco ASA 5505 Configuration Manual page 1394

Mapping Certificates to IPsec or SSL VPN Connection Profiles
Note
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Configuring Client Addressing
To specify the client IP address assignment policy and assign address pools to all IPsec and SSL VPN
connections, choose Config > Remote Access VPN > Network (Client) Access > IPsec or SSL VPN
Connections > Add or Edit > Advanced > Client Addressing. The Add IPsec Remote Access Connection
or Add SSL VPN Access Connection opens. Use this dialog box to add address pools and assign them
to interfaces, and view, edit, or delete them. The table at the bottom of the dialog box lists the configured
interface-specific address pools.
To understand the fields in this dialog box or its descendent dialog boxes, see the sections that follow
this one. You can view or change the configuration of address pools and their assignment to interfaces,
as follows:
•
Cisco ASA 5500 Series Configuration Guide using ASDM
64-84
Allowing override account-disabled is a potential security risk.
Enable notification upon password expiration to allow user to change password—Checking this
–
check box makes the following two parameters available. You can select either to notify the user
at login a specific number of days before the password expires or to notify the user only on the
day that the password expires. The default is to notify the user 14 days prior to password
expiration and every day thereafter until the user changes the password. The range is 1 through
180 days.
This does not change the number of days before the password expires, but rather, it enables
Note
the notification. If you select this option, you must also specify the number of days.
In either case, and, if the password expires without being changed, the adaptive security
appliance offers the user the opportunity to change the password. If the current password has
not yet expired, the user can still log in using that password.
This parameter is valid for AAA servers that support such notification; that is, RADIUS,
RADIUS with an NT server, and LDAP servers. The adaptive security appliance ignores this
command if RADIUS or LDAP authentication has not been configured.
This feature requires the use of MS-CHAPv2.
Security Context
Transparent Single
—
•
To view or change the configuration of address pools, click Add or Edit in the Add IPsec Remote
Access Connection or Add SSL VPN Access Connection dialog box. The Assign Address Pools to
Interface dialog box opens. This dialog box lets you assign IP address pools to the interfaces
configured on the adaptive security appliance. Click Select. The Select Address Pools dialog box
opens. Use this dialog box to view the configuration of address pools. You can change their address
pool configuration as follows:
Multiple
Context System
— —
Chapter 64 General VPN Setup
OL-20339-01