03-08-2007 02:27 AM
Hi,
i'm configuring a Cisco VPN 3000 Concentrator, and i already have configured my RADIUS IAS server. Authentication is OK, but only if i allow PAP method in the remote access policy of the RADIUS server. I don?t want to use that method, i would want to use MSCHAP but i don?t know how to do it.
This is the error in the event viewr when i try to access without allowing PAP:
--------------------------------
User elvirl01 was denied access.
Fully-Qualified-User-Name = ar.net/HESA/Usuarios/elvirl01
NAS-IP-Address = 172.17.24.31
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = Concentrador
Client-IP-Address = 172.17.24.31
NAS-Port-Type = Virtual
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = HESA
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
------------------------------
Please, can anybody help me??
Best regards,
Luis
03-08-2007 04:16 PM
VPN concentrator requires PAP for IPSec CLients authentication using Radius . This is the way it works.
Check this doc :
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009467f.shtml
For PPTP Clients you can use MSCHAP V2.
*Please rate if helped.
-Kanishka
03-09-2007 12:26 AM
Thank you very much Kanishka.
03-09-2007 02:15 AM
Hey,
You're welcome..How abt a rating :-)
-Kanishka
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: