
Change Authentication method in VPN 3000

mj.jimenez
Level 1

Hi,

I'm configuring a Cisco VPN 3000 Concentrator, and I have already configured my RADIUS IAS server. Authentication is OK, but only if I allow the PAP method in the remote access policy of the RADIUS server. I don't want to use that method; I would want to use MSCHAP, but I don't know how to do it.

This is the error in the Event Viewer when I try to access without allowing PAP:

--------------------------------

User elvirl01 was denied access.

Fully-Qualified-User-Name = ar.net/HESA/Usuarios/elvirl01

NAS-IP-Address = 172.17.24.31

NAS-Identifier = <not present>

Called-Station-Identifier = <not present>

Calling-Station-Identifier = <not present>

Client-Friendly-Name = Concentrador

Client-IP-Address = 172.17.24.31

NAS-Port-Type = Virtual

NAS-Port = <not present>

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = HESA

Authentication-Type = PAP

EAP-Type = <undetermined>

Reason-Code = 66

Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.

------------------------------

Please, can anybody help me??

Best regards,

Luis
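
An added example (not part of the original post or any reply): a small Python parser for IAS denial events in the format quoted above, counting which RADIUS clients request a method the matching policy does not enable (Reason-Code 66). The first sample event reuses fields from the post; `Constructed-NAS`, the `constructed0x` users and Reason-Code 999 are constructed placeholders.

```python
import re
from collections import Counter

# Reason-Code 66, per the post's event: method not enabled on the matching policy.
METHOD_NOT_ENABLED = "66"
ABSENT = {"<not present>", "<undetermined>"}
KEY = ("Client-Friendly-Name", "Policy-Name", "Authentication-Type")

# Event 1: fields from the post. Events 2-3: constructed placeholders.
SAMPLE = """\
User elvirl01 was denied access.
Client-Friendly-Name = Concentrador
Policy-Name = HESA
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 66
--------------------------------
User constructed01 was denied access.
Client-Friendly-Name = Constructed-NAS
Policy-Name = HESA
Authentication-Type = PAP
Reason-Code = 66
--------------------------------
User constructed02 was denied access.
Authentication-Type = PAP
Reason-Code = 999
"""

def parse_events(text):
    """Split on dashed separator lines; return one dict of fields per event."""
    events = []
    for chunk in re.split(r"(?m)^-{5,}\s*$", text):
        event = {}
        for line in map(str.strip, chunk.splitlines()):
            m = re.match(r"User (\S+) was (denied|granted) access\.", line)
            if m:
                event["User"], event["Outcome"] = m.groups()
            elif " = " in line:
                key, value = (part.strip() for part in line.split(" = ", 1))
                event[key] = None if value in ABSENT else value
        if event:
            events.append(event)
    return events

def method_mismatches(events):
    """Count denials per (client, policy, requested method) with Reason-Code 66."""
    hits = [e for e in events
            if e.get("Outcome") == "denied" and e.get("Reason-Code") == METHOD_NOT_ENABLED]
    return Counter(tuple(e.get(k) for k in KEY) for e in hits)
```

Calling `method_mismatches(parse_events(SAMPLE))` groups the denials by client, policy and requested method, which shows which NAS devices still send PAP against a policy that does not allow it.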

3 Replies

kaachary
Cisco Employee

VPN concentrator requires PAP for IPSec clients' authentication using RADIUS. This is the way it works.

Check this doc:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009467f.shtml

For PPTP Clients you can use MSCHAP V2.

*Please rate if helped.

-Kanishka

Thank you very much Kanishka.

Hey,

You're welcome. How about a rating? :-)

-Kanishka
