Sierra Wireless WWAN (AT&T Laptop Connect) and Cisco ASA VPN IPSEC Client

jasonhdz
jasonhdz used Ask the Experts™
on
Hello,

I am having a big problem with my new AT&T Laptop connect USB Modem.  

AT&T USBConnect Momentum 4G
http://www.wireless.att.com/cell-phone-service/cell-phone-details/?device=AT%26T+USBConnect+Momentum+4G&q_sku=sku5320283#fbid=fVyIiZI3GsY

Problem:

I connect to my VPN @ my test lab at home.  It is a Cisco ASA 5505.  VPN over IPSec UDP.  It works perfect from wifi, iphone 4G, starbucks....everywhere; with the exception from my
new AT&T USBConnect.

I can establish a connection with the VPN and obtain an IP Address from VPN.  However, i cannot access anything on my network.

I have researched somewhat and ive found many solutions that have not worked for me.  

I have tried the following:
Uninstalling any wireless software on my Laptop.  And reinstalling the USBConnect drivers. - Dont work
Did an update on USBConnect - dont work.

I look forward to hear back from anyone.

Thanks in advance,

Jason
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:
What is the IP addressing you are assigned on the client and on the corporate network.  If any 2 network segments between host and client are the same (such as 2 using 10.10.10..x/24) you will experience these issues.

also can be due to NATing on client end, or too long a latency beteen cleint and host. Can you ping the VPN server?  If so how mant MS is the delay?

Author

Commented:
My VPN Network is 10.10.100.0/24.

My USBModem LAN Address on laptop is 10.175.74.x  

The NAT on the ASA should be working fine, i can work on my VPN just fine as long as i am not connected through my USBModem.  

When pinging the public IP of the ASA time is in 60-70ms.  I can establish a connection to the VPN successfully.  the problem is accessing any internal assets/hosts.

Let me know if you need any other info.
Top Expert 2013

Commented:
Any chance at the client end, or server, the subnet mask is 255.0.0.0, the default for that class subnet?
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
subnet is 255.255.255.255 on LAN by USBModem.

At the server side it is 255.255.255.0
Top Expert 2013
Commented:
My bet is still on the routing and an overlap of subnets.  Typically when this happens you can connect to the VPN server/router because you are using the public IP. Internal routing and access to resources uses the LAN/VPN addressing.  If two network segments are the same routing cannot take place.  If your Sierra IP is 10.175.74.x it is very possible it is part of a larger 10.x.x.x network and causing problems.

Perhaps others will have some suggestions. or if it is possible to change the Cisco end to something like 172.16.x.x. as a test, it might determine if that is the case.

Author

Commented:
That exactly what i was thinking....changing the VPN Network to 192.168 something to avoid confusion since my internal is 172.16....

I will keep you posted on what comes around.

I appreciate your help.  Will post back soon.

Author

Commented:
it all appears you are right, internal routing issues when i was going in with another 10. something address.

I did not changed the configs on the router, i just decided to go to AT&T store and try the laptop connect the wifi and it gives me an ip of 192.168  and it is working perfect.  I guess nothing out there of WWAN and compatibility issues with Cisco VPN is true.

I appreciate your help.  Thanks a lot!
Top Expert 2013

Commented:
It's not a Cisco or VPN issue ,but rather just basic routing.
Thanks jasonhdz.
Cheers!
--Rob

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial