67-34
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter67 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
Figure67-6 Active Directory—Enforce Password Complexity
Enforcing password complexity takes effect only when the user changes passwords; for example, when
you have configured Enforce password change at next login or Password expires in n days. At login, the
user receives a prompt to enter a new password, and the system will accept only a complex password.
Configuring the Connection Profile for RADIUS/SDI Message Support for the AnyConnect Client
This section describes procedures to ensure that the AnyConnect VPN client using RSA SecureID
Software tokens can properly respond to user prompts delivered to the client through a RADIUS server
proxying to an SDI server(s). This section contains the following topics:
AnyConnect Client and RADIUS/SDI Server Interaction
Configuring the Security Appliance to Support RADIUS/SDI Messages
Note If you have configured the double-authentication feature, SDI authentication is supported only on the
primary authentication server.

AnyConnect Client and RADIUS/SDI Server Interaction

When a remote user connects to the ASA with the AnyConnect VPN client and attempts to authenticate
using an RSA SecurID token, the ASA communicates with the RADIUS server, which in turn,
communicates with the SDI server about the authentication.