Cisco ASA Series Cli Configuration Manual page 1668

Configuring Connection Profiles
Figure 1-6
Enforcing password complexity takes effect only when the user changes passwords; for example, when
you have configured Enforce password change at next login or Password expires in n days. At login, the
user receives a prompt to enter a new password, and the system will accept only a complex password.
Configuring the Connection Profile for RADIUS/SDI Message Support for
the AnyConnect Client
This section describes procedures to ensure that the AnyConnect VPN client using RSA SecureID
Software tokens can properly respond to user prompts delivered to the client through a RADIUS server
proxying to an SDI server(s). This section contains the following topics:
•
•
Note
If you have configured the double-authentication feature, SDI authentication is supported only on the
primary authentication server.
AnyConnect Client and RADIUS/SDI Server Interaction
When a remote user connects to the ASA with the AnyConnect VPN client and attempts to authenticate
using an RSA SecurID token, the ASA communicates with the RADIUS server, which in turn,
communicates with the SDI server about the authentication.
Cisco ASA Series CLI Configuration Guide
1-34
Active Directory—Enforce Password Complexity
AnyConnect Client and RADIUS/SDI Server Interaction
Configuring the Security Appliance to Support RADIUS/SDI Messages
Chapter 1 Configuring Connection Profiles, Group Policies, and Users