I am trying to troubleshoot a AAA/TACACS problem on a 3825 router. This router is at a remote site and establishes a GRE tunnel secured with IPSEC to another 3825 router at our main site. The router at the main site works perfectly with AAA authentication to our ACS server. The 3825 at the remote location does not. The IOS versions are the same on the routers (c3825-advsecurityk9-mz.124-3g). However, the access switches at the remote location do work properly with the AAA authentication. This is very confusing. I have tried different TACACS keys but it does not help. Setting DEBUG TACACS AUTHENTICATION I encountered the following messages:
Dec 20 13:38:40: TPLUS: received bad AUTHEN packet: length = 6, expected 111171
Dec 20 13:38:40: TPLUS: Invalid AUTHEN packet (check keys).
Any help would be appreciated.