Solved

AT&T VPN client does not work in a LAN; however, other VPN clients work in this same LAN

Posted on 2007-04-10
Last Modified: 2012-06-21
My network has a Cisco PIX between the LAN and the ISP.  Inside the LAN, users are able to use various VPN clients (Cisco, CheckPoint, Nokia) to connect to other companies.  A new VPN client is required, and it is an AT&T VPN client.  This AT&T VPN client does not work in this same environment.  Is there any special PIX config to be done to allow this AT&T VPN client?
Question by:royrubio
13 Comments
 

Accepted Solution

by:
lrmoore earned 300 total points
ID: 18884555
Have you enabled nat-traversal on your PIX?

 isakmp nat-traversal 20

Do you support your own VPN tunnels/clients on the PIX? If not, you can enable esp-ike fixup.

Assisted Solution

by:WMIF
WMIF earned 200 total points
ID: 18886430
Do you know anything about the AT&T client?  Does it use GRE tunnels?

Expert Comment

by:lrmoore
ID: 18889004
Good thought, WMIF.
Try adding this to the PIX config:
  fixup protocol pptp 1723

Author Comment

by:royrubio
ID: 18915366
Nat-traversal did not solve the problem.  I do not know anything about the AT&T client.  I will add the fixup and test.

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 18917039
If you have extra public IP addresses, you can try a 1-to-1 static public IP to this client.

Assisted Solution

by:WMIF
WMIF earned 200 total points
ID: 18918589
What version of the client is your user running?
http://support.microsoft.com/kb/925479
 

Author Comment

by:royrubio
ID: 18975165
Adding fixup to the PIX did not do any good.

The AT&T VPN client runs alright on the same PC if I route it through a Cisco IOS firewall.  We don't have issues with the PC and AT&T VPN client configuration.  It is the Cisco PIX that is not allowing it.

 
 

Author Comment

by:royrubio
ID: 18998445
I need a solution for Cisco PIX because I have a site which uses PIX only.

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 19000586
Did you try a 1-1 static NAT for this inside host?
  static (inside,outside) <public ip> <host ip> netmask 255.255.255.255

You should not need any access list entries, but you could try adding
  access-list <outside_in> permit ip host <at&t vpn endpoint> host <public ip>
 

Author Comment

by:royrubio
ID: 19081037
lrmoore, have not tried it yet.  Will try next week.
 

Author Comment

by:royrubio
ID: 19119288
Sorry, I don't have spare public IP to test.  Any more ideas other than this?
 

Author Comment

by:royrubio
ID: 19225928
Any more ideas please?
 

Author Comment

by:royrubio
ID: 19316358
This remains an open problem for me, but I managed to route traffic to an IOS firewall instead of the PIX.  I'm closing this query for now.  I'm splitting points to those who tried to help:  300 for lrmoore and 200 for WMIF.  Thanks for your help.
0
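
The thread never establishes which transport the AT&T client uses, so the suggestions above (NAT-T, esp-ike fixup, PPTP fixup, 1-to-1 static) are tried blind. The following is an added example, not part of any post in this thread: it labels raw IPv4 packets captured on the inside interface by tunnel transport and pairs each with the matching suggestion. The function names, the hint strings and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

# Hints are this example's own wording; the commands are quoted from the posts above.
SUGGESTION = {
    "esp": "esp-ike fixup or 1-to-1 static (ESP has no ports for PAT to rewrite)",
    "gre": "fixup protocol pptp 1723 (GRE carries the PPTP data channel)",
    "pptp-control": "fixup protocol pptp 1723",
    "ipsec-nat-t": "UDP 4500 (NAT-T): ordinary UDP that PAT can translate",
    "ike": "UDP 500 is IKE only: look for ESP or UDP 4500 following it",
}

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the VPN transport it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if proto == 50:                      # IP protocol 50 = ESP
        return "esp"
    if proto == 47:                      # IP protocol 47 = GRE
        return "gre"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto in (6, 17) and frag_offset == 0 and len(pkt) >= ihl + 4:
        ports = set(struct.unpack("!HH", pkt[ihl:ihl + 4]))
        if proto == 17 and 4500 in ports:
            return "ipsec-nat-t"
        if proto == 17 and 500 in ports:
            return "ike"
        if proto == 6 and 1723 in ports:
            return "pptp-control"
    return "other"

def summarize(packets):
    """Count transports seen and list the thread suggestions that match them."""
    seen = Counter(classify(p) for p in packets)
    return seen, sorted({SUGGESTION[k] for k in seen if k in SUGGESTION})

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left 0, RFC 5737 sample addresses)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return hdr + payload

# Constructed capture: IKE on UDP 500, then raw ESP, then unrelated HTTPS traffic.
SAMPLE = [ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
          ipv4(50, b"\x00\x00\x10\x01\x00\x00\x00\x01"),
          ipv4(6, struct.pack("!HH", 49152, 443) + b"\x00" * 16)]
```

Calling `summarize(SAMPLE)` reports one IKE packet, one raw ESP packet and one unrelated packet, which points at the ESP-through-PAT suggestions rather than the PPTP fixup.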
