AT&T VPN client does not work in a LAN however other VPN clients works in this same LAN

My network has Cisco Pix between LAN and the ISP.  Inside the LAN, users are able to use various VPN clients (Cisco, CheckPoint, Nokia) to connect to other companies.  A new VPN client is required to be used and it is an AT&T VPN client.  This AT&T VPN client does not work in this same environment.  Are there any special PIX config to be done to allow this AT&T VPN client?
royrubioAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
Have you enabled nat-traversal on your pix?

 isakmp nat-traversal 20

Do you support your own VPN tunnels/clients on the pix? If not you can enable esp-ike fixup.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WMIFCommented:
do you know anything about the AT&T client?  does it use GRE tunnels?
0
lrmooreCommented:
Good thought, WMIF..
Try adding this to the PIX config:
  fixup protocol pptp 1723
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

royrubioAuthor Commented:
Nat-traversal did not solve the problem.  I do not know anything about the AT&T client.  I will add the fixup and test.
0
lrmooreCommented:
If you have extra public IP addresses, you can try a 1-to-1 static public ip to this client..
0
WMIFCommented:
what version of the client is your user running?
http://support.microsoft.com/kb/925479
0
royrubioAuthor Commented:
Adding fixup to the PIX did not do any good.

The AT&T VPN client runs alright on the same PC if I route it through a Cisco IOS firewall.  We don't have issues with the PC and AT&T VPN client configuration.  It is the Cisco PIX that is not allowing it.

 
0
royrubioAuthor Commented:
I need a solution for Cisco PIX because I have a site which uses PIX only.
0
lrmooreCommented:
did you try a 1-1 static nat for this inside host?
static (inside,outside) <public ip> <host ip> netmask 255.255.255.255

You should not need any access list entries, but you could try adding
access-list <outside_in> permit ip host <at&t vpn endpoint> host <public ip>
0
royrubioAuthor Commented:
Lrmore, have not tried it yet.  Will try next week.
0
royrubioAuthor Commented:
Sorry, I don't have spare public IP to test.  Any more ideas other than this?
0
royrubioAuthor Commented:
Any more ideas please?
0
royrubioAuthor Commented:
This remains an open problem for me but I managed to route traffic to an IOS firewall instead of the Pix.  I'm closing this query for now.  I'm splitting points to those who tried to help:  300 for lrmoore and 200 for wmif.  Thanks for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.