Dial-in connection issues – Cisco 3.3 User Manual

Appendix A Troubleshooting

Dial-in Connection Issues

A-10

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Dial-in Connection Issues

Condition

Recovery Action

A dial-in user cannot
connect to the AAA
client.

No record of the
attempt appears in
either the TACACS+
or RADIUS
Accounting Report (in
the Reports & Activity
section, click
TACACS+
Accounting or
RADIUS Accounting
or Failed Attempts).

Examine the Cisco Secure ACS Reports or AAA client Debug output to
narrow the problem to a system error or a user error. Confirm the following:

•

The dial-in user was able to establish a connection and ping the computer
before Cisco Secure ACS was installed. If the dial-in user could not, the
problem is related to a AAA client/modem configuration, not
Cisco Secure ACS.

•

LAN connections for both the AAA client and the computer running
Cisco Secure ACS are physically connected.

•

IP address of the AAA client in the Cisco Secure ACS configuration is
correct.

•

IP address of Cisco Secure ACS in AAA client configuration is correct.

•

TACACS+ or RADIUS key in both AAA client and Cisco Secure ACS are
identical (case sensitive).

•

The command ppp authentication pap is entered for each interface, if
you are using a Windows user database.

•

The command ppp authentication chap pap is entered for each interface,
if you are using the Cisco Secure ACS database.

•

The AAA and TACACS+ or RADIUS commands are correct in the AAA
client. The necessary commands are listed in the following:

Program Files\CiscoSecure ACS vx.x\TacConfig.txt

Program Files\CiscoSecure ACS vx.x\RadConfig.txt

•

The Cisco Secure ACS Services are running (CSAdmin, CSAuth,
CSDBSync CSLog, CSRadius, CSTacacs) on the computer running
Cisco Secure ACS.