Thanks for the reply..
> Then your RASes are broken. The request ID MUST NOT be incremented > for retransmissions of authentication packets. It's a Cisco PIX authenticating remote VPN users. The PIX isn't really the best at implementing radius.. =/ > If your RAS doesn't re-try a request during that 10 second period, > then it should be configured to do so. It does retry the request, but it increments (improperly) the request ID. It tries four times and gives up afterwards, as shown in the tcpdump. > Read radiusd.conf. Look for the configuration item "reject_delay". reject_delay is set for 1 second. Thanks, -Joshua - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
