cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

The RADIUS server does not return proper MPPE keying material

463
Views
0
Helpful
0
Comments

What is Radius Server?


The Remote Authentication Dial-In User Service (RADIUS) is a client/server security protocol created by Lucent InterNetworking Systems. RADIUS is an Internet draft standard protocol.

User profiles are stored in a central location, known as the RADIUS server. RADIUS clients communicate with the RADIUS server to authenticate users. The server specifies back to the client what the authenticated user is authorized to do. Although the term RADIUS refers to the network protocol that the client and server use to communicate, it is often used to refer to the entire client/server system.


Core issue

The authentication server is not responding affirmatively to the PIX Firewall request.

The authentication server is not sending Microsoft Point-to-Point Encryption (MPPE) keying material (attribute 26=0X1A).

Resolution

To resolve this issue, perform these steps:

  1. Check for these items: 
    • The remote connection works with encryption off
    • The remote connection fails with encryption on
    • The connection works with local authentication with encryption
  2. If these statements are true, the problem may be that the RADIUS server is not returning proper MPPE keying material. Make sure that the authentication server is responding affirmatively to the PIX Firewall request and is sending MPPE keying material (attribute 26=0X1A).
  3. If you have verified that the authentication server is responding affirmatively to the PIX Firewall request and is sending MPPE keying material (attribute 26=0X1A), but the PIX still indicates a failure, gather this output and open a service request with Cisco Technical Support: 

    To open a service request, click the Open a Case button. Using this feature, you can provide required information and submit your service request to Cisco Technical Support online.

    Note: For non-critical issues, Cisco Technical Support answers service requests opened online quicker than service requests opened by telephone.

    For other ways to contact Cisco Technical Support, refer to Technical Support: Cisco Worldwide Contacts.

    For more information on these commands, refer to the documentation on the debug command.


CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.