Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

MPPE keys, Microsoft PPTP client

I'm trying to use ACS 2.6 and ACS 3.2 as a radius server to for my Msft win-xp client to do authentication before it brings up its pptp client.

To that end, on ACS, I enable the attributes:


MS-CHAP-MPPE-Types (128 bit)

MS-MPPE-Recv-Key (N/A)

MS-MPPE-Send-Key (N/A)

Service-Type (outbound)

However, ACS 2.6 and 3.2 require me to enter in a value for MS-MPPE-Recv-Key and MS-MPPE-Send-Key !

I was using an even later implementation of ACS (I think it was 3.32) and that does not require me entering in a value for these two keys .... and ACS 3.32 works just fine. However, I just can't get 2.6 working... as it wants me to enter in values but I have no idea what to enter.

Can somebody who's gotten ACS working in this fashion help?


Cisco Employee

Re: MPPE keys, Microsoft PPTP client

You shouldn't need to add anything in for these attributes, so just don't enable them. MPPE will work without them (it *should* just work with only the "MS-CHAP-MPPE-Keys" attribute returned to the NAS).

I would suggest going under Interface Config - Radius (Microsoft) and disable the check boxes for these two attributes, then you won't even see them under the User/Group configuration. They won't be returned to the NAS and the connection should work fine.

If this still doesn't work, then we'd need to see debug output from the router during a connection attempt, so it may be easier to open a TAC case. What we'd need to see is the following:

debug aaa authen

debug aaa author

debug ppp neg

debug ppp auth

debug radius

CreatePlease to create content