VPN connections over AT&T and Verizon
This one has me stumped, however I must say I have little experience with our Cisco ASA at this time, and no one else here in our IT department has the skills to even touch the device. So that leaves me. I could make the changes if I knew what needed to be done, so I am hoping someone has an answer.
Recently all users that try and remote desktop into their computers via an iPhone, iPad, or any other phone will fail with the error "failed to establish TCP connection". This is the same error that you would get if you tried doing it without first connecting up to the VPN. The VPN connection is successful, however you can not ping internal IP addresses, nor can you connect to any local computer via remote desktop. This worked a few months ago with no problem and just stopped one day. No changes were made to the ASA device as I am the only one with access and I just let it be. I am thinking something changed with the way the cellular networks deal with traffic. I thought I saw something about activating IPSec with Nat-T on the ASA to resolve the problem. I found the area in the ASA gui where this option was for the Remote VPN connections and turned it on, however it did not resolve my problem. So I turned it back off.
Any ideas on what I should do?
Thanks,
Ivan Windon
Recently all users that try and remote desktop into their computers via an iPhone, iPad, or any other phone will fail with the error "failed to establish TCP connection". This is the same error that you would get if you tried doing it without first connecting up to the VPN. The VPN connection is successful, however you can not ping internal IP addresses, nor can you connect to any local computer via remote desktop. This worked a few months ago with no problem and just stopped one day. No changes were made to the ASA device as I am the only one with access and I just let it be. I am thinking something changed with the way the cellular networks deal with traffic. I thought I saw something about activating IPSec with Nat-T on the ASA to resolve the problem. I found the area in the ASA gui where this option was for the Remote VPN connections and turned it on, however it did not resolve my problem. So I turned it back off.
Any ideas on what I should do?
Thanks,
Ivan Windon
ASKER
No, as if I do make any changes I am good about writing the config file. I can configure cisco routers and switches with no trouble, I just do not have any experience with the ASA. As for pings, I never tried before, so I can't say for sure, however I was able to remote desktop in from my phone once connected up via the VPN. This no longer works. The only part effected is connections going through cell phones, if you do the VPN with a DSL or cable connection it works just fine.
Does RDP work from the devices when inside the network? It does seem odd that other devices still work.
I just used RDP to connect to my server via my phone over AT&T in the DFW area and it still works. Not using VPN though.
Do you have any laptops with a cellular connection card to test and see if the problem is isolated to the cell networks and not just phone type devices?
I just used RDP to connect to my server via my phone over AT&T in the DFW area and it still works. Not using VPN though.
Do you have any laptops with a cellular connection card to test and see if the problem is isolated to the cell networks and not just phone type devices?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That's odd. I wouldn't think it would have ever worked with that missing.
ASKER
I finally came across an article that gave me a command line to try out and it worked the way I needed it to
Pings don't have to work for normal traffic to work so that may or may not be a symptom of the problem. Are you sure you could ping when it did work?
I would probably grab a support contract with Cisco since in my experience even their support guys have a lot of trouble getting things like this to work. If they have trouble then I assume I would never figure it out. Since that part of your network is down you can get quick assistance from them with a network down request.