
ASA does not pass AT&T client auth traffic

MSS Operations
Level 1

When a workstation behind the ASA tries to initiate an AT&T client authentication session, the following happens on the ASA:

- 3-way handshake completes to the auth server.

- Push packet from the client hits the inside interface of the ASA but does not get passed through the firewall.

- Logs do not show any dropped packets or errors.

What I've done:

Since the traffic to the auth server is over port 80, I've tried turning on and off class maps for HTTP.

Even though the ACL allows the traffic and the handshake completes, I provided explicit access between the src and dst at the top of the ACL.

I've captured ingress and egress traffic between the hosts.

Have tried several different authentication servers.

Any insight would be greatly appreciated.

Thanks in advance.

1 Reply

david.keil
Level 1

Is this the AT&T dialer? If so, their design is similar to a Remote Access VPN. You may need to issue 'isakmp nat-traversal 20' on ASA.
