Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

MPPE keys, Microsoft PPTP client

Unanswered Question
Mar 29th, 2004
User Badges:
  • Bronze, 100 points or more

I'm trying to use ACS 2.6 and ACS 3.2 as a radius server to for my Msft win-xp client to do authentication before it brings up its pptp client.

To that end, on ACS, I enable the attributes:


MS-CHAP-MPPE-Types (128 bit)

MS-MPPE-Recv-Key (N/A)

MS-MPPE-Send-Key (N/A)

Service-Type (outbound)

However, ACS 2.6 and 3.2 require me to enter in a value for MS-MPPE-Recv-Key and MS-MPPE-Send-Key !

I was using an even later implementation of ACS (I think it was 3.32) and that does not require me entering in a value for these two keys .... and ACS 3.32 works just fine. However, I just can't get 2.6 working... as it wants me to enter in values but I have no idea what to enter.

Can somebody who's gotten ACS working in this fashion help?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gfullage Mon, 03/29/2004 - 16:28
User Badges:
  • Cisco Employee,

You shouldn't need to add anything in for these attributes, so just don't enable them. MPPE will work without them (it *should* just work with only the "MS-CHAP-MPPE-Keys" attribute returned to the NAS).

I would suggest going under Interface Config - Radius (Microsoft) and disable the check boxes for these two attributes, then you won't even see them under the User/Group configuration. They won't be returned to the NAS and the connection should work fine.

If this still doesn't work, then we'd need to see debug output from the router during a connection attempt, so it may be easier to open a TAC case. What we'd need to see is the following:

debug aaa authen

debug aaa author

debug ppp neg

debug ppp auth

debug radius


This Discussion