Core issue
The RADIUS server supports Microsoft Point-to-Point Encryption (MPPE) but needs to be configured for MPPE keying.
Resolution
To resolve this issue, perform these steps:
- Configure your RADIUS server for MPPE keying by verifying these:
- Microsoft vendor-specific attribute 26 for encryption allowed or encryption required is On.
- Either 40-bit or 128-bit encryption is enabled.
- MS-CHAP-MPPE-Keys are generated. (Setup may vary slightly by vendor.)
- Turn on encryption in the PIX, as shown:
- For PIXes with 40- and 128-bit encryption, use the vpdn group group_name ppp encryption mppe command.
- For non-3DES PIXes, use the vpdn group {name} ppp encryption mppe 40 command.
- Add the debug ppp io and debug ppp error commands.
- Change PC settings to one of these (depending on operating system):
- Optional encryption (connect even if no encryption)
- Require encryption (disconnect if server declines) [40 bit]
- Maximum strength encryption (disconnect if server declines) [128 bit, unless the PIX version does not support 128-bit encryption)
- Try connecting again.