Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

I have configured my VPN concentrator for Radius authentication (Cisco ACS 3.1) which uses Active Directory Database for authenticating remote vpn clients. I do not have any problems with the authentication. But in ACS console, under Reporting--Failed Attempts--> I see many log entries with the message "Bad request from NAS"

What does this message indicate and how can I rectify this?

Thanks

7 REPLIES

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

Hi,

Probably This message indicates that a network device does requests of authentication toward RADIUS, but this device is not "registered" on ACS.

In order to permit to a network device (say..router, switch, VPN Concentrator, firewall and so on) to make requests of authentication you must insert it in the table (of ACS) of the network devices authorized to make requests (called NAS).

Probably The message you see is caused by a network device not authorized (not inserted in the table of NAS) to make requests of authorization.

Check also the shared secret.

I hope this helps.

Best regards.

Massimiliano.

New Member

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

The device is registered in the ACS and remote VPN users are able to login with out any issues.

My query is why am I getting "BAD request from NAS" message under Fialed Authentication

New Member

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

The device is registered in the ACS and remote VPN users are able to login with out any issues.

My query is why am I getting "BAD request from NAS" message under Failed Authentication

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

This message comes when there is shared secret mismatch.

Regards,

~JG

Do rate helpful posts

New Member

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

If there is a mismatch, authentication of remote vpn clients should not work right?

New Member

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

hello !

I have the same error.

I installed Cisco ACS 4.2 on windows 2003 SP2 and VPN users can authenticate on AD server. Now I'm implementing password expiry feature.

but it not working. In ACS failed attempts log I have this log:

11/29/201017:21:58Bad request from NAS..Default Group..(Default)
11/29/201017:21:51Authen failedmydomain\vpnuser1Default Group..(Default)Windows user must change password

In VPN Client Enter New Pin window appearing but when user enters new password it rejects.

Could anyone help ?

Silver

Re: VPN Concentrator-ACS 3.1-Radius Error "Bad request from NAS"

If you look in the CSRadius service log you might get a better idea for what the problem is.

Or you can "net stop csradius" then run "csradius -z -p" from the command line to run it and see debug. Basically, CSRadius will spit out "Bad request from NAS" for anything that looks like a physically malformed RADIUS packet or a packet that doesnt appear to support the RFC.

It could be a wrong shared secret... but that should prevent ANY authentication working.

If you know what the incoming RADIUS packets looks like (that causes the error) you're half way to fixing it

409
Views
0
Helpful
7
Replies
CreatePlease to create content