AT&T Global Network Client Connectivity Issues

Unanswered Question
Oct 12th, 2007
User Badges:

I'm attempting to get the AT&T Global Network Client to work thru our ASA5510. With my current congiguration if I add the following statement:

STATIC (inside,outside) interface A.B.C.D. (addr of pc that's running the client) NETMASK TCP 0 0 UDP 0

The ATA&T VPN gets established and works fine BUT none of my outside VPN clients can connect. Any help would be appreciated.

AT&T send out a notice stating their servers are not configured to support NAT-T and will not in the future. They offered 2 possible generic solutions.

1. Create a NAT pool of IP address that can be assigned to each user.....or

2. Assign a static address to each end users PC.

If number 1 will work how do I do that?

Number 2 already applys to us since all our workstations have static address assign. How do I implement number 2?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Fri, 10/12/2007 - 11:38
User Badges:
  • Green, 3000 points or more

Nat-t is definitely your issue. Without it or more public ip addresses, you will only be able to establish one ipsec tunnel outbound and during this period you will not be able to use the ASA to terminate vpn's.

1 or 2 will not work unless you have more ip addresses to use.

1. global (outside) 1 netmask

nat (inside) 1

2. You already showed an example of this above.

STATIC (inside,outside) interface A.B.C.D.

Another example would be...

STATIC (inside,outside) A.B.C.E netmask

I thought this sounded familiar...

So it was nat-t after all.


This Discussion