Solved

AT&T VPN client does not work in a LAN however other VPN clients works in this same LAN

Posted on 2007-04-10
13
807 Views
Last Modified: 2012-06-21
My network has Cisco Pix between LAN and the ISP.  Inside the LAN, users are able to use various VPN clients (Cisco, CheckPoint, Nokia) to connect to other companies.  A new VPN client is required to be used and it is an AT&T VPN client.  This AT&T VPN client does not work in this same environment.  Are there any special PIX config to be done to allow this AT&T VPN client?
0
Comment
Question by:royrubio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
13 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 300 total points
ID: 18884555
Have you enabled nat-traversal on your pix?

 isakmp nat-traversal 20

Do you support your own VPN tunnels/clients on the pix? If not you can enable esp-ike fixup.
0
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 200 total points
ID: 18886430
do you know anything about the AT&T client?  does it use GRE tunnels?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18889004
Good thought, WMIF..
Try adding this to the PIX config:
  fixup protocol pptp 1723
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:royrubio
ID: 18915366
Nat-traversal did not solve the problem.  I do not know anything about the AT&T client.  I will add the fixup and test.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 18917039
If you have extra public IP addresses, you can try a 1-to-1 static public ip to this client..
0
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 200 total points
ID: 18918589
what version of the client is your user running?
http://support.microsoft.com/kb/925479
0
 

Author Comment

by:royrubio
ID: 18975165
Adding fixup to the PIX did not do any good.

The AT&T VPN client runs alright on the same PC if I route it through a Cisco IOS firewall.  We don't have issues with the PC and AT&T VPN client configuration.  It is the Cisco PIX that is not allowing it.

 
0
 

Author Comment

by:royrubio
ID: 18998445
I need a solution for Cisco PIX because I have a site which uses PIX only.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 19000586
did you try a 1-1 static nat for this inside host?
static (inside,outside) <public ip> <host ip> netmask 255.255.255.255

You should not need any access list entries, but you could try adding
access-list <outside_in> permit ip host <at&t vpn endpoint> host <public ip>
0
 

Author Comment

by:royrubio
ID: 19081037
Lrmore, have not tried it yet.  Will try next week.
0
 

Author Comment

by:royrubio
ID: 19119288
Sorry, I don't have spare public IP to test.  Any more ideas other than this?
0
 

Author Comment

by:royrubio
ID: 19225928
Any more ideas please?
0
 

Author Comment

by:royrubio
ID: 19316358
This remains an open problem for me but I managed to route traffic to an IOS firewall instead of the Pix.  I'm closing this query for now.  I'm splitting points to those who tried to help:  300 for lrmoore and 200 for wmif.  Thanks for your help.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question