Core issue
This problem occurs due to the presence of Cisco bug ID CSCsc96280.
This problem affects a router that acts as a VPN server for VPN client users and is configured to authenticate those users against a RADIUS server. After such a router is upgraded to Cisco IOS Software Release 12.4(6.7), it sends the NAS-Port-Type RADIUS attribute twice in an Authentication, Authorization, and Accounting (AAA) access-request packet. The logs display entries similar to this:
00:05:13: RADIUS(00000005): Send Access-Request to 172.19.220.219:1645 id 1645/4, len 81
00:05:13: RADIUS: authenticator A1 0A 19 02 DC 9F CF A7 - 1A 48 52 EF E6 E7 3D A1
00:05:13: RADIUS: User-Name [1] 7 "unity"
00:05:13: RADIUS: User-Password [2] 18 *
00:05:13: RADIUS: Calling-Station-Id [31] 12 "10.1.32.25"
00:05:13: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
00:05:13: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
00:05:13: RADIUS: Service-Type [6] 6 Outbound [5]
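To check captured debug output for this symptom, the following added example (not Cisco's code) parses log lines in the format shown above and reports attributes repeated within one Access-Request. The function name, the second sample packet, the partial single-instance list, and the handling of "Received" lines are assumptions made for this example.

```python
import re
from collections import Counter

# First packet: the page's sample output. Second packet (id 1645/5): constructed
# for this example, showing a request that carries NAS-Port-Type only once.
SAMPLE = """\
00:05:13: RADIUS(00000005): Send Access-Request to 172.19.220.219:1645 id 1645/4, len 81
00:05:13: RADIUS: authenticator A1 0A 19 02 DC 9F CF A7 - 1A 48 52 EF E6 E7 3D A1
00:05:13: RADIUS: User-Name [1] 7 "unity"
00:05:13: RADIUS: User-Password [2] 18 *
00:05:13: RADIUS: Calling-Station-Id [31] 12 "10.1.32.25"
00:05:13: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
00:05:13: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
00:05:13: RADIUS: Service-Type [6] 6 Outbound [5]
00:06:02: RADIUS(00000006): Send Access-Request to 172.19.220.219:1645 id 1645/5, len 33
00:06:02: RADIUS: User-Name [1] 7 "unity"
00:06:02: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
"""

# Attribute types RFC 2865 allows at most once in an Access-Request (partial list).
SINGLE_INSTANCE = {1, 2, 3, 4, 5, 6, 7, 30, 31, 32, 61}
HEADER = re.compile(r"RADIUS\(\w+\): Send (\S+) to \S+ id (\S+?),")
ATTR = re.compile(r"RADIUS:\s+([A-Za-z][\w-]*)\s+\[(\d+)\]\s+\d+")


def duplicate_attributes(log_text):
    """Return (packet id, attribute name, type, count) for each repeated attribute."""
    packets, current = [], None
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            current = Counter()
            packets.append((header.group(2), header.group(1), current))
        elif "Received" in line:  # assumption: reply dumps are logged with "Received"
            current = None        # do not count reply attributes against the request
        elif current is not None:
            attr = ATTR.search(line)
            if attr:
                current[(attr.group(1), int(attr.group(2)))] += 1
    return [(pid, name, t, n) for pid, code, counts in packets if code == "Access-Request"
            for (name, t), n in counts.items() if n > 1 and t in SINGLE_INSTANCE]


if __name__ == "__main__":
    for finding in duplicate_attributes(SAMPLE):
        print("packet id %s: %s [%d] sent %d times" % finding)
```
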
Resolution
In order to resolve this issue, download and upgrade the Cisco IOS to any one of these versions:
Problem Type: Troubleshoot software feature
Product Family: Routers
Cisco IOS Software Version: 12.4
VPN Tunnel End Points: Router
Features & Tasks: RADIUS