?
Solved

AT&T VPN client does not work in a LAN however other VPN clients works in this same LAN

Posted on 2007-04-10
13
Medium Priority
?
809 Views
Last Modified: 2012-06-21
My network has Cisco Pix between LAN and the ISP.  Inside the LAN, users are able to use various VPN clients (Cisco, CheckPoint, Nokia) to connect to other companies.  A new VPN client is required to be used and it is an AT&T VPN client.  This AT&T VPN client does not work in this same environment.  Are there any special PIX config to be done to allow this AT&T VPN client?
0
Comment
Question by:royrubio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
13 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 1200 total points
ID: 18884555
Have you enabled nat-traversal on your pix?

 isakmp nat-traversal 20

Do you support your own VPN tunnels/clients on the pix? If not you can enable esp-ike fixup.
0
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 800 total points
ID: 18886430
do you know anything about the AT&T client?  does it use GRE tunnels?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18889004
Good thought, WMIF..
Try adding this to the PIX config:
  fixup protocol pptp 1723
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 

Author Comment

by:royrubio
ID: 18915366
Nat-traversal did not solve the problem.  I do not know anything about the AT&T client.  I will add the fixup and test.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 18917039
If you have extra public IP addresses, you can try a 1-to-1 static public ip to this client..
0
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 800 total points
ID: 18918589
what version of the client is your user running?
http://support.microsoft.com/kb/925479
0
 

Author Comment

by:royrubio
ID: 18975165
Adding fixup to the PIX did not do any good.

The AT&T VPN client runs alright on the same PC if I route it through a Cisco IOS firewall.  We don't have issues with the PC and AT&T VPN client configuration.  It is the Cisco PIX that is not allowing it.

 
0
 

Author Comment

by:royrubio
ID: 18998445
I need a solution for Cisco PIX because I have a site which uses PIX only.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1200 total points
ID: 19000586
did you try a 1-1 static nat for this inside host?
static (inside,outside) <public ip> <host ip> netmask 255.255.255.255

You should not need any access list entries, but you could try adding
access-list <outside_in> permit ip host <at&t vpn endpoint> host <public ip>
0
 

Author Comment

by:royrubio
ID: 19081037
Lrmore, have not tried it yet.  Will try next week.
0
 

Author Comment

by:royrubio
ID: 19119288
Sorry, I don't have spare public IP to test.  Any more ideas other than this?
0
 

Author Comment

by:royrubio
ID: 19225928
Any more ideas please?
0
 

Author Comment

by:royrubio
ID: 19316358
This remains an open problem for me but I managed to route traffic to an IOS firewall instead of the Pix.  I'm closing this query for now.  I'm splitting points to those who tried to help:  300 for lrmoore and 200 for wmif.  Thanks for your help.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question