Appendix A Troubleshooting
Dial-in Connection Issues
A-10
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Dial-in Connection Issues
Condition Recovery Action
A dial-in user cannot
connect to the AAA
client.
No record of the
attempt appears in
either the TACACS+
or RADIUS
Accounting Report (in
the Reports & Activity
section, click
TACACS+
Accounting or
RADIUS Accounting
or Failed Attempts).
Examine the Cisco Secure ACS Reports or AAA client Debug output to
narrow the problem to a system error or a user error. Confirm the following:
• The dial-in user was able to establish a connection and ping the computer
before Cisco Secure ACS was installed. If the dial-in user could not, the
problem is related to a AAA client/modem configuration, not
Cisco Secure ACS.
• LAN connections for both the AAA client and the computer running
Cisco Secure ACS are physically connected.
• IP address of the AAA client in the Cisco Secure ACS configuration is
correct.
• IP address of Cisco Secure ACS in AAA client configuration is correct.
• TACACS+ or RADIUS key in both AAA client and Cisco Secure ACS are
identical (case sensitive).
• The command ppp authentication pap is entered for each interface, if
you are using a Windows user database.
• The command ppp authentication chap pap is entered for each interface,
if you are using the Cisco Secure ACS database.
• The AAA and TACACS+ or RADIUS commands are correct in the AAA
client. The necessary commands are listed in the following:
Program Files\CiscoSecure ACS vx.x\TacConfig.txt
Program Files\CiscoSecure ACS vx.x\RadConfig.txt
• The Cisco Secure ACS Services are running (CSAdmin, CSAuth,
CSDBSync CSLog, CSRadius, CSTacacs) on the computer running
Cisco Secure ACS.
