cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1779
Views
0
Helpful
2
Replies

AAA not authenticating to Win Radius server

peperg
Level 1
Level 1

I have a client that is trying to use a Windows ISA server as a RADIUS server to authenticate PPTP connections to a 515e. I know that the VPN connection is working since I can set it up to use local auth and it works just fine. When I set up radius the clients get an error that says that it did not get a response from the server (I think it was 761).

The relevant config and the debug ppp negotiation and debug ppp error is below, I am looking to see if there is a way to test the RADIUS server other than having someone try to connect. Or if anyone has had any experience setting these up.

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server RadiusServers protocol radius

aaa-server RadiusServers max-failed-attempts 3

aaa-server RadiusServers deadtime 10

aaa-server RadiusServers (inside) host ********** ***KEY*** timeout 10

vpdn group VPN accept dialin pptp

vpdn group VPN ppp authentication pap

vpdn group VPN ppp authentication chap

vpdn group VPN ppp authentication mschap

vpdn group VPN ppp encryption mppe 40

vpdn group VPN client configuration address local VPN-Clients

vpdn group VPN client configuration dns ***********

vpdn group VPN client authentication aaa RadiusServers

vpdn group VPN pptp echo 60

vpdn enable outside

PPP virtual access open, ifc = 0

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 17

Pkt dump: 010405780506575173cb070208020d0306

LCP Option: Max_Rcv_Units, len: 4, data: 0578

LCP Option: MAGIC_NUMBER, len: 6, data: 575173cb

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

LCP Option: CALL_BACK, len: 3, data: 06

Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11

Pkt dump: 0305c2238005064d525532

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 4d525532

Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 11

Pkt dump: 01040578070208020d0306

LCP Option: Max_Rcv_Units, len: 4, data: 0578

LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:

LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:

LCP Option: CALL_BACK, len: 3, data: 06

Rcvd Link Control Protocol pkt, Action code is: Config ACK, len is: 11

Pkt dump: 0305c2238005064d525532

LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380

LCP Option: MAGIC_NUMBER, len: 6, data: 4d525532

Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 6

Pkt dump: 0506575173cb

LCP Option: MAGIC_NUMBER, len: 6, data: 575173cb

Xmit Link Control Protocol pkt, Action code is: Config ACK, len is: 6

Pkt dump: 0506575173cb

LCP Option: MAGIC_NUMBER, len: 6, data: 575173cb

Rcvd Link Control Protocol pkt, Action code is: Identification, len is: 14

Pkt dump: 575173cb4d5352415356352e3130

Rcvd Link Control Protocol pkt, Action code is: Identification, len is: 16

Pkt dump: 575173cb4d535241532d302d4a414445

PPP chap receive response: rcvd type MS-CHAP-V1

uauth_mschap_send_req: pppdev=4, ulen=19, user=DOMAIN\JoeUser

PPP chap receive response: rcvd type MS-CHAP-V1

uauth_mschap_proc_reply: pppdev = 1, status = 0

uauth mschap: pppdev = 1, close ppp dev

PPP va close, device = 1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

PPP chap receive response: rcvd type MS-CHAP-V1

Rcvd Link Control Protocol pkt, Action code is: Termination Request, len is: 12

Pkt dump: 575173cb003ccd74000002ce

Xmit Link Control Protocol pkt, Action code is: Termination ACK, len is: 0

PPP va close, device = 4

2 Replies 2

smahbub
Level 6
Level 6

You get the details for troubleshooting the Cisco ACS server from the following URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094a03.shtml

Windows ISA server not Cisco ACS. I have resolved the issue by rebuilding the ISA services on the Windows server.