I'm trying to use ACS 2.6 and ACS 3.2 as a radius server to for my Msft win-xp client to do authentication before it brings up its pptp client.
To that end, on ACS, I enable the attributes:
MS-CHAP-MPPE-Types (128 bit)
However, ACS 2.6 and 3.2 require me to enter in a value for MS-MPPE-Recv-Key and MS-MPPE-Send-Key !
I was using an even later implementation of ACS (I think it was 3.32) and that does not require me entering in a value for these two keys .... and ACS 3.32 works just fine. However, I just can't get 2.6 working... as it wants me to enter in values but I have no idea what to enter.
Can somebody who's gotten ACS working in this fashion help?
You shouldn't need to add anything in for these attributes, so just don't enable them. MPPE will work without them (it *should* just work with only the "MS-CHAP-MPPE-Keys" attribute returned to the NAS).
I would suggest going under Interface Config - Radius (Microsoft) and disable the check boxes for these two attributes, then you won't even see them under the User/Group configuration. They won't be returned to the NAS and the connection should work fine.
If this still doesn't work, then we'd need to see debug output from the router during a connection attempt, so it may be easier to open a TAC case. What we'd need to see is the following:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :