Businesses are no longer limited to a specific region. They have multiple offices and workplaces spread across towns, countries, or even continents. In such cases, it is often hard to share internal resources securely, as the internet isn’t a safe medium of communication. That’s where a VPN (virtual private network) comes into play. It allows two or more parties to share resources and communicate securely, using security protocols that provide tunneling and encryption to protect data traffic. Cisco AnyConnect VPN is one such VPN client; it uses an account and a password that you can reset.
It functions as the endpoint that connects remote workplaces and workers to the central network, so it is built to be highly secure and requires multiple authentications. But what should you do if your Cisco password expires and no longer works? Below, we demonstrate ways to reset the Cisco AnyConnect VPN password.
We won’t delve into why it is necessary to reset passwords periodically, as it is beside the point. However, any digital product or service that requires a password needs sufficient care. Although Cisco AnyConnect is not your typical VPN, it can also get stuck at the password page. Whether it is human error at play or simply a technical fault, we will go through the different scenarios and solutions and show how resetting the Cisco AnyConnect VPN password works.
Reset the password for Cisco AnyConnect VPN if it already expired
We’ll first cover the scenario where the password has already expired. All you need to do is:
- First, launch the Cisco AnyConnect VPN client on your device.
- Then to start the VPN connection, try to log in.
- On the login screen, enter your VPN username and expired/old password.
- Now click Continue.
- If the client accepts the expired password, it will open a new window where you can create a new one. Otherwise, it will revert to the previous menu.
- If you are back on the old menu, repeat steps 3 to 5 until you are successful.
- Once done, the client will prompt you for verification. Click on Accept.
- Reboot your device to sync all these changes.
Do this if the Cisco AnyConnect password is about to expire
If your password is still valid but you want to reset or change it, that’s also a fairly simple process. However, it differs based on the platform. This guide covers the Windows client. Follow the steps described below:
- First, launch the Cisco AnyConnect VPN client on your Windows device.
- The client will ask for credentials. Enter your VPN username and password.
- Once the VPN connection is established and stable, change the password. Here’s how to manage that:
- Press the Ctrl+Alt+Del buttons on your keyboard.
- After that, you can select Change a Password from the menu.
- On the new screen, you will see your VPN account.
- Now enter your old password.
- Then create a new password according to the instructions.
- Repeat the new password and click on the arrow icon to continue.
- It will say the password reset is complete. Click on OK.
- Reboot your computer.
Allow Domain password change via LDAP for AnyConnect
You can allow users to change their domain password over the Cisco AnyConnect VPN via LDAP (Lightweight Directory Access Protocol). Doing so is crucial because a remote worker who connects via VPN and is forced to change passwords periodically can otherwise find themselves locked out. With LDAP as the authentication method, the remote user is authenticated and can then reset the password through Cisco AnyConnect. Standard LDAP runs over TCP port 389, but for this to work the connection must use LDAPS on TCP port 636. The solution is to set LDAP up on port 636. You can do it either from the command line or from within ASDM.
Using Command-line
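Start by launching Command Prompt on your Windows PC and connecting to the ASA's command line in configuration mode. Now:
- Enter the following commands to point the LDAP server entry at LDAPS (the ldap-over-ssl line is the command-line counterpart of the Enable LDAP over SSL checkbox in the graphical procedure):
- Petes-ASA(config)# aaa-server TEST-LDAP-SERVER (inside) host 192.xxx.yyy.10
- Petes-ASA(config-aaa-server-host)# ldap-over-ssl enable
- Petes-ASA(config-aaa-server-host)# server-port 636
- Now allow password resets by enabling password management on the tunnel group with the following commands:
- Petes-ASA(config)# tunnel-group ANYCONNECT-PROFILE general-attributes
- Petes-ASA(config-tunnel-general)# password-management password-expire-in-days 3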
Through ASDM
Log in to ASDM (Adaptive Security Device Manager). Then:
- Go to configuration.
- Select Device management and click on your user profile.
- Now, select the LDAP server group and the related server.
- On the new menu, click on Edit.
- Check Enable LDAP over SSL and set the server port to 636.
- Now, your LDAP is running through TCP port 636. Thus, users can use AnyConnect to remotely change their passwords. To do so:
- Connect to ASDM and go to Configuration.
- Select Remote Access VPN.
- Click on the Network client remote access option.
- On the new menu, choose the AnyConnect profile to edit.
- In the AnyConnect Profile, go to the Advanced settings, then to Password Management.
- Here, enable Password Management.
- Lastly, click on Apply and save the running configuration to flash.
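To confirm that a saved configuration actually carries the settings from both procedures above, the following added example (not part of the original guide and not Cisco tooling) audits a running-config excerpt for LDAP servers that lack LDAPS on port 636 and for LDAP-backed tunnel groups without password management. The sample configuration, the OLD-LDAP and LEGACY-PROFILE names, and the 192.0.2.x addresses are constructed for illustration.

```python
import re
# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
aaa-server TEST-LDAP-SERVER protocol ldap
aaa-server TEST-LDAP-SERVER (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
aaa-server OLD-LDAP protocol ldap
aaa-server OLD-LDAP (inside) host 192.0.2.20
 server-port 389
tunnel-group ANYCONNECT-PROFILE general-attributes
 authentication-server-group TEST-LDAP-SERVER
 password-management password-expire-in-days 3
tunnel-group LEGACY-PROFILE general-attributes
 authentication-server-group OLD-LDAP
"""

def parse_stanzas(config):
    """Group each top-level line with its indented sub-commands."""
    stanzas = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and ASA comment lines
        if line[0].isspace() and stanzas:
            stanzas[-1][1].append(line.strip())
        else:
            stanzas.append((line.strip(), []))
    return stanzas

def audit(config):
    """List settings the procedure above requires but the config lacks."""
    findings, ldap_groups = [], set()
    for head, body in parse_stanzas(config):
        if m := re.fullmatch(r"aaa-server (\S+) protocol ldap", head):
            ldap_groups.add(m.group(1))
        elif (m := re.fullmatch(r"aaa-server (\S+) \(\S+\) host (\S+)", head)) \
                and m.group(1) in ldap_groups:
            where = f"aaa-server {m.group(1)} host {m.group(2)}"
            if "ldap-over-ssl enable" not in body:
                findings.append(f"{where}: ldap-over-ssl not enabled")
            if "server-port 636" not in body:
                findings.append(f"{where}: server-port is not 636")
        elif m := re.fullmatch(r"tunnel-group (\S+) general-attributes", head):
            auth = [b for b in body if b.startswith("authentication-server-group")]
            uses_ldap = any(t in ldap_groups for b in auth for t in b.split()[1:])
            if uses_ldap and not any(b.startswith("password-management") for b in body):
                findings.append(f"tunnel-group {m.group(1)}: password-management not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The audit assumes the LDAP server groups are declared before the tunnel groups that use them, as in the constructed sample.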