Change Authentication method in VPN 3000

Unanswered Question
Mar 8th, 2007
User Badges:


i'm configuring a Cisco VPN 3000 Concentrator, and i already have configured my RADIUS IAS server. Authentication is OK, but only if i allow PAP method in the remote access policy of the RADIUS server. I don?t want to use that method, i would want to use MSCHAP but i don?t know how to do it.

This is the error in the event viewr when i try to access without allowing PAP:


User elvirl01 was denied access.

Fully-Qualified-User-Name =

NAS-IP-Address =

NAS-Identifier = <not present>

Called-Station-Identifier = <not present>

Calling-Station-Identifier = <not present>

Client-Friendly-Name = Concentrador

Client-IP-Address =

NAS-Port-Type = Virtual

NAS-Port = <not present>

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = HESA

Authentication-Type = PAP

EAP-Type = <undetermined>

Reason-Code = 66

Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.


Please, can anybody help me??

Best regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
kaachary Fri, 03/09/2007 - 02:15
User Badges:
  • Cisco Employee,


You're welcome..How abt a rating :-)



This Discussion