Configuring CiscoSecure ACS for Windows Router PPTP Authentication
I was having an odd issue with this configuration, everything seemed fine but on my Windows 7 Test client I got the Error 742: "The remote server does not support encryption" every time I tried to connect, the ACS 4.2 showed the authentication as successful and nothing else, the debug on the router pretty much the same thing with the exception of :
"Vi1 MPPE: RADIUS keying material missing"
After 2 weeks with TAC, We came to the conclusion that the issue was caused by the fact that starting with Vista, MS-CHAP v1 is deprecated, so in order for MS-CHAP v2 to work we needed to enable the extra MPPE Attributes:
[311\016] MS-MPPE-Send-Key
[311\017] MS-MPPE-Recv-Key
In the new Cisco ACS 5.x family, enabling the these particular attributes does not seem to be necessary since "These are added to the profile as required".
No comments:
Post a Comment