[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

AT&T VPN client does not work in a LAN however other VPN clients works in this same LAN

Posted on 2007-04-10
13
Medium Priority
?
811 Views
Last Modified: 2012-06-21
My network has Cisco Pix between LAN and the ISP.  Inside the LAN, users are able to use various VPN clients (Cisco, CheckPoint, Nokia) to connect to other companies.  A new VPN client is required to be used and it is an AT&T VPN client.  This AT&T VPN client does not work in this same environment.  Are there any special PIX config to be done to allow this AT&T VPN client?
0
Comment
Question by:royrubio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
13 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 1200 total points
ID: 18884555
Have you enabled nat-traversal on your pix?

 isakmp nat-traversal 20

Do you support your own VPN tunnels/clients on the pix? If not you can enable esp-ike fixup.
0
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 800 total points
ID: 18886430
do you know anything about the AT&T client?  does it use GRE tunnels?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18889004
Good thought, WMIF..
Try adding this to the PIX config:
  fixup protocol pptp 1723
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:royrubio
ID: 18915366
Nat-traversal did not solve the problem.  I do not know anything about the AT&T client.  I will add the fixup and test.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 18917039
If you have extra public IP addresses, you can try a 1-to-1 static public ip to this client..
0
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 800 total points
ID: 18918589
what version of the client is your user running?
http://support.microsoft.com/kb/925479
0
 

Author Comment

by:royrubio
ID: 18975165
Adding fixup to the PIX did not do any good.

The AT&T VPN client runs alright on the same PC if I route it through a Cisco IOS firewall.  We don't have issues with the PC and AT&T VPN client configuration.  It is the Cisco PIX that is not allowing it.

 
0
 

Author Comment

by:royrubio
ID: 18998445
I need a solution for Cisco PIX because I have a site which uses PIX only.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 19000586
did you try a 1-1 static nat for this inside host?
static (inside,outside) <public ip> <host ip> netmask 255.255.255.255

You should not need any access list entries, but you could try adding
access-list <outside_in> permit ip host <at&t vpn endpoint> host <public ip>
0
 

Author Comment

by:royrubio
ID: 19081037
Lrmore, have not tried it yet.  Will try next week.
0
 

Author Comment

by:royrubio
ID: 19119288
Sorry, I don't have spare public IP to test.  Any more ideas other than this?
0
 

Author Comment

by:royrubio
ID: 19225928
Any more ideas please?
0
 

Author Comment

by:royrubio
ID: 19316358
This remains an open problem for me but I managed to route traffic to an IOS firewall instead of the Pix.  I'm closing this query for now.  I'm splitting points to those who tried to help:  300 for lrmoore and 200 for wmif.  Thanks for your help.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Considering cloud tradeoffs and determining the right mix for your organization.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question