ASA does not pass AT&T client auth traffic

Unanswered Question
Oct 7th, 2007

When a workstation behind the ASA tries to initiate an AT&T client authentication session, the following happens on the ASA:

- 3-way handshake completes to the auth server.

- Push packet from the client hits the inside interface of the ASA but does not get passed through the firewall.

- Logs do not show any dropped packets or errors.

What I've done:

Since the traffic to the auth server is over port 80, I've tried turning on and off class maps for HTTP.

Even though the ACL allows the traffic and the handshake completes, I provided explicit access between the src and dst at the top of the ACL.

I've captured ingress and egress traffic between the hosts.

Have tried several different authentication servers.

Any insight would be greatly appreciated.

Thanks in advance.

david.keil Wed, 10/10/2007 - 20:06

Is this the AT&T dialer? If so, their design is similar to a Remote Access VPN. You may need to issue 'isakmp nat-traversal 20' on ASA.

