AT&T Global Network Client Connectivity Issues

rpw5354 · ‎10-12-2007

I'm attempting to get the AT&T Global Network Client to work thru our ASA5510. With my current congiguration if I add the following statement:

STATIC (inside,outside) interface A.B.C.D. (addr of pc that's running the client) NETMASK 255.255.255.255 TCP 0 0 UDP 0

The ATA&T VPN gets established and works fine BUT none of my outside VPN clients can connect. Any help would be appreciated.

AT&T send out a notice stating their servers are not configured to support NAT-T and will not in the future. They offered 2 possible generic solutions.

1. Create a NAT pool of IP address that can be assigned to each user.....or

2. Assign a static address to each end users PC.

If number 1 will work how do I do that?

Number 2 already applys to us since all our workstations have static address assign. How do I implement number 2?

acomiskey · ‎10-12-2007

Nat-t is definitely your issue. Without it or more public ip addresses, you will only be able to establish one ipsec tunnel outbound and during this period you will not be able to use the ASA to terminate vpn's.

1 or 2 will not work unless you have more ip addresses to use.

1. global (outside) 1 1.1.1.1-1.1.1.254 netmask 255.255.255.255

nat (inside) 1 192.168.1.0

2. You already showed an example of this above.

STATIC (inside,outside) interface A.B.C.D.

Another example would be...

STATIC (inside,outside) 1.2.3.4 A.B.C.E netmask 255.255.255.255

I thought this sounded familiar...

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddfd710

So it was nat-t after all.