06-18-2008 04:21 PM - edited 03-10-2019 03:55 PM
I have configured my VPN concentrator for Radius authentication (Cisco ACS 3.1) which uses Active Directory Database for authenticating remote vpn clients. I do not have any problems with the authentication. But in ACS console, under Reporting--Failed Attempts--> I see many log entries with the message "Bad request from NAS"
What does this message indicate and how can I rectify this?
Thanks
06-18-2008 09:26 PM
Hi,
Probably This message indicates that a network device does requests of authentication toward RADIUS, but this device is not "registered" on ACS.
In order to permit to a network device (say..router, switch, VPN Concentrator, firewall and so on) to make requests of authentication you must insert it in the table (of ACS) of the network devices authorized to make requests (called NAS).
Probably The message you see is caused by a network device not authorized (not inserted in the table of NAS) to make requests of authorization.
Check also the shared secret.
I hope this helps.
Best regards.
Massimiliano.
06-18-2008 10:56 PM
The device is registered in the ACS and remote VPN users are able to login with out any issues.
My query is why am I getting "BAD request from NAS" message under Fialed Authentication
06-18-2008 10:56 PM
The device is registered in the ACS and remote VPN users are able to login with out any issues.
My query is why am I getting "BAD request from NAS" message under Failed Authentication
06-20-2008 06:06 AM
This message comes when there is shared secret mismatch.
Regards,
~JG
Do rate helpful posts
06-20-2008 03:57 PM
If there is a mismatch, authentication of remote vpn clients should not work right?
11-29-2010 05:49 AM
hello !
I have the same error.
I installed Cisco ACS 4.2 on windows 2003 SP2 and VPN users can authenticate on AD server. Now I'm implementing password expiry feature.
but it not working. In ACS failed attempts log I have this log:
11/29/2010 | 17:21:58 | Bad request from NAS | .. | Default Group | .. | (Default) | ||||||||||||
11/29/2010 | 17:21:51 | Authen failed | mydomain\vpnuser1 | Default Group | .. | (Default) | Windows user must change password |
In VPN Client Enter New Pin window appearing but when user enters new password it rejects.
Could anyone help ?
12-01-2010 09:02 AM
If you look in the CSRadius service log you might get a better idea for what the problem is.
Or you can "net stop csradius" then run "csradius -z -p" from the command line to run it and see debug. Basically, CSRadius will spit out "Bad request from NAS" for anything that looks like a physically malformed RADIUS packet or a packet that doesnt appear to support the RFC.
It could be a wrong shared secret... but that should prevent ANY authentication working.
If you know what the incoming RADIUS packets looks like (that causes the error) you're half way to fixing it
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide