01-31-2007 08:32 PM - edited 03-10-2019 02:57 PM
I have a client that is trying to use a Windows ISA server as a RADIUS server to authenticate PPTP connections to a 515e. I know that the VPN connection is working since I can set it up to use local auth and it works just fine. When I set up radius the clients get an error that says that it did not get a response from the server (I think it was 761).
The relevant config and the debug ppp negotiation and debug ppp error is below, I am looking to see if there is a way to test the RADIUS server other than having someone try to connect. Or if anyone has had any experience setting these up.
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RadiusServers protocol radius
aaa-server RadiusServers max-failed-attempts 3
aaa-server RadiusServers deadtime 10
aaa-server RadiusServers (inside) host ********** ***KEY*** timeout 10
vpdn group VPN accept dialin pptp
vpdn group VPN ppp authentication pap
vpdn group VPN ppp authentication chap
vpdn group VPN ppp authentication mschap
vpdn group VPN ppp encryption mppe 40
vpdn group VPN client configuration address local VPN-Clients
vpdn group VPN client configuration dns ***********
vpdn group VPN client authentication aaa RadiusServers
vpdn group VPN pptp echo 60
vpdn enable outside
PPP virtual access open, ifc = 0
Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 17
Pkt dump: 010405780506575173cb070208020d0306
LCP Option: Max_Rcv_Units, len: 4, data: 0578
LCP Option: MAGIC_NUMBER, len: 6, data: 575173cb
LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:
LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:
LCP Option: CALL_BACK, len: 3, data: 06
Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 11
Pkt dump: 0305c2238005064d525532
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380
LCP Option: MAGIC_NUMBER, len: 6, data: 4d525532
Xmit Link Control Protocol pkt, Action code is: Config Reject, len is: 11
Pkt dump: 01040578070208020d0306
LCP Option: Max_Rcv_Units, len: 4, data: 0578
LCP Option: PROTOCOL_HDR_COMPRESSION, len: 2, data:
LCP Option: ADDRESS_CONTROL_COMPRESSION, len: 2, data:
LCP Option: CALL_BACK, len: 3, data: 06
Rcvd Link Control Protocol pkt, Action code is: Config ACK, len is: 11
Pkt dump: 0305c2238005064d525532
LCP Option: AUTHENTICATION_TYPES, len: 5, data: c22380
LCP Option: MAGIC_NUMBER, len: 6, data: 4d525532
Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 6
Pkt dump: 0506575173cb
LCP Option: MAGIC_NUMBER, len: 6, data: 575173cb
Xmit Link Control Protocol pkt, Action code is: Config ACK, len is: 6
Pkt dump: 0506575173cb
LCP Option: MAGIC_NUMBER, len: 6, data: 575173cb
Rcvd Link Control Protocol pkt, Action code is: Identification, len is: 14
Pkt dump: 575173cb4d5352415356352e3130
Rcvd Link Control Protocol pkt, Action code is: Identification, len is: 16
Pkt dump: 575173cb4d535241532d302d4a414445
PPP chap receive response: rcvd type MS-CHAP-V1
uauth_mschap_send_req: pppdev=4, ulen=19, user=DOMAIN\JoeUser
PPP chap receive response: rcvd type MS-CHAP-V1
uauth_mschap_proc_reply: pppdev = 1, status = 0
uauth mschap: pppdev = 1, close ppp dev
PPP va close, device = 1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
PPP chap receive response: rcvd type MS-CHAP-V1
Rcvd Link Control Protocol pkt, Action code is: Termination Request, len is: 12
Pkt dump: 575173cb003ccd74000002ce
Xmit Link Control Protocol pkt, Action code is: Termination ACK, len is: 0
PPP va close, device = 4
02-06-2007 03:08 PM
You get the details for troubleshooting the Cisco ACS server from the following URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094a03.shtml
02-07-2007 07:45 AM
Windows ISA server not Cisco ACS. I have resolved the issue by rebuilding the ISA services on the Windows server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide