If Terminal Access Controller Access Control System (TACACS+) is used, verify that the PIX and the server communicate on the same port, Transmission Control Protocol (TCP)/49.
If Remote Authentication Dial-In User Service (RADIUS) is used, verify that the PIX and the server communicate on the User Datagram Protocol (UDP) port 1645. Or, if the RADIUS server uses port 1812, verify that the PIX uses software version 6.0 or later. Then, issue the aaa-server radius-authport1812 command in order to specify port 1812.
Ensure that the secret key is correct.
If the network traffic is extremely high, or packet loss is present, increase the timeout for authentication requests. From the PIX command line interface, issue the aaa-servergroup_tag (if_name)hostserver_ip keytimeoutseconds command, and increase the time in seconds to a larger value, such as 20 or 30 seconds. Check the server logs for failed attempts. All servers have some kind of logging function.