Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Remote authentication does not work

Core issue

The RADIUS server supports Microsoft Point-to-Point Encryption (MPPE) but needs to be configured for MPPE keying.

Resolution

To resolve this issue, perform these steps:

  1. Configure your RADIUS server for MPPE keying by verifying these:
    • Microsoft vendor-specific attribute 26 for encryption allowed or encryption required is On.
    • Either 40-bit or 128-bit encryption is enabled.

  2. MS-CHAP-MPPE-Keys are generated. (Setup may vary slightly by vendor.)
  3. Turn on encryption in the PIX, as shown:

    • For PIXes with 40- and 128-bit encryption, use the vpdn group group_name ppp encryption mppe command.
    • For non-3DES PIXes, use the vpdn group {name} ppp encryption mppe 40 command.
  4. Add the debug ppp io and debug ppp error commands.
  5. Change PC settings to one of these (depending on operating system):

    • Require data encryption
    • Optional encryption (connect even if no encryption)
    • Require encryption (disconnect if server declines) [40 bit]
    • Maximum strength encryption (disconnect if server declines) [128 bit, unless the PIX version does not support 128-bit encryption)
  6. Try connecting again.
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:36 PM
Updated by:
 
Labels (1)