VPN connections over AT&T and Verizon

This one has me stumped, however I must say I have little experience with our Cisco ASA at this time, and no one else here in our IT department has the skills to even touch the device.  So that leaves me.  I could make the changes if I knew what needed to be done, so I am hoping someone has an answer.

Recently all users that try and remote desktop into their computers via an iPhone, iPad, or any other phone will fail with the error "failed to establish TCP connection".  This is the same error that you would get if you tried doing it without first connecting up to the VPN.  The VPN connection is successful, however you cannot ping internal IP addresses, nor can you connect to any local computer via remote desktop.  This worked a few months ago with no problem and just stopped one day.  No changes were made to the ASA device as I am the only one with access and I just let it be.  I am thinking something changed with the way the cellular networks deal with traffic.  I thought I saw something about activating IPSec with NAT-T on the ASA to resolve the problem.  I found the area in the ASA GUI where this option was for the Remote VPN connections and turned it on, however it did not resolve my problem.  So I turned it back off.

Any ideas on what I should do?

Thanks,

Ivan Windon
 
Ivan_Windon (Author) Commented:
I found the issue, and it works again.  I just needed to add this global config command...

crypto isakmp nat-traversal 20

The second I added it all phones could work over VPN.
 
joelsplace Commented:
Is it possible that the ASA power cycled with the config not being written to memory?
Pings don't have to work for normal traffic to work so that may or may not be a symptom of the problem.  Are you sure you could ping when it did work?
I would probably grab a support contract with Cisco since in my experience even their support guys have a lot of trouble getting things like this to work.  If they have trouble then I assume I would never figure it out.  Since that part of your network is down you can get quick assistance from them with a network down request.
 
Ivan_Windon (Author) Commented:
No, as if I do make any changes I am good about writing the config file.  I can configure Cisco routers and switches with no trouble, I just do not have any experience with the ASA.  As for pings, I never tried before, so I can't say for sure, however I was able to remote desktop in from my phone once connected up via the VPN.  This no longer works.  The only part affected is connections going through cell phones; if you do the VPN with a DSL or cable connection it works just fine.
 
joelsplace Commented:
Does RDP work from the devices when inside the network?  It does seem odd that other devices still work.
I just used RDP to connect to my server via my phone over AT&T in the DFW area and it still works.  Not using VPN though.
Do you have any laptops with a cellular connection card to test and see if the problem is isolated to the cell networks and not just phone type devices?
 
joelsplace Commented:
That's odd.  I wouldn't think it would have ever worked with that missing.
 
Ivan_Windon (Author) Commented:
I finally came across an article that gave me a command line to try out and it worked the way I needed it to.
Question has a verified solution.
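
A triage check for the symptom in this thread (tunnel established, but no traffic from clients that sit behind NAT), added here as an example and not part of the original posts: it scans `show crypto ipsec sa` output for SAs that have decapsulated zero packets and do not list `NAT-T-Encaps` in their settings. The sample output, peer addresses, usernames and the function name are constructed, and the field layout is assumed to match the ASA's usual output.

```python
import re

# Constructed sample modelled on ASA `show crypto ipsec sa` output;
# peers, usernames and counters are invented for illustration.
SAMPLE = """\
    Crypto map tag: outside_dyn_map, seq num: 20, local addr: 203.0.113.1
      current_peer: 198.51.100.7, username: phone-user
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      inbound esp sas:
         in use settings ={RA, Tunnel, }
    Crypto map tag: outside_dyn_map, seq num: 20, local addr: 203.0.113.1
      current_peer: 192.0.2.44, username: dsl-user
      #pkts encaps: 310, #pkts encrypt: 310, #pkts digest: 310
      #pkts decaps: 295, #pkts decrypt: 295, #pkts verify: 295
      inbound esp sas:
         in use settings ={RA, Tunnel, }
    Crypto map tag: outside_dyn_map, seq num: 20, local addr: 203.0.113.1
      current_peer: 198.51.100.9, username: tablet-user
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      inbound esp sas:
         in use settings ={RA, Tunnel, NAT-T-Encaps, }
"""


def stalled_without_natt(text):
    """Return peers whose SA shows no inbound ESP and no NAT-T encapsulation."""
    flagged = []
    # Each SA entry starts with a "Crypto map tag:" line.
    for block in re.split(r"(?m)^\s*Crypto map tag:", text)[1:]:
        peer = re.search(r"current_peer:\s*([\d.]+)", block)
        decaps = re.search(r"#pkts decaps:\s*(\d+)", block)
        settings = re.search(r"in use settings\s*=\s*\{([^}]*)\}", block)
        if not (peer and decaps and settings):
            continue  # incomplete entry: skip rather than guess
        flags = {f.strip() for f in settings.group(1).split(",") if f.strip()}
        # An idle SA that negotiated NAT-T is not the failure described here.
        if int(decaps.group(1)) == 0 and "NAT-T-Encaps" not in flags:
            flagged.append(peer.group(1))
    return flagged


if __name__ == "__main__":
    print(stalled_without_natt(SAMPLE))
```
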
