User`s guide
AT&T Global Network Client for Windows Administrator’s Guide
© 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or
AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Images are shown for illustrative purposes only; individual
experience may vary. This document is not an offer, commitment, representation or warranty by AT&T and is subject to change.
Windows is a registered trademark of Microsoft Corporation in the United States and other countries.
-91-
AT&T VPN Services
AT&T offers several advanced VPN services. The information in this chapter represents the most
common administration and configuration questions.
Using Managed IPSec VPN Services
The security rules of the Managed VPN Services may require additional configuration or specific
configuration settings to support your network infrastructure.
Local Resources
Accessing Local Resources
To access local resources (such as printers and other servers) outside the tunnel while a VPN tunnel is
established, you must be using a VPN Dual Access capable service. VPN Dual Access allows you to access
destinations outside the tunnel either locally or through the Internet in addition to resources down the
tunnel.
Customer Account Administrators have the option to allow users that are not configured for Dual Access
to access resources on their directly connected subnet by updating the ‘Local Subnet Access’ to ‘y’ at
either the account or client-id level in the AT&T administration server. When the Local Subnet Access flag
is set to yes and you are connecting with a non-dual access type service, the AT&T Global Network Client
will determine the local subnet and set up the routing/rules to allow access to the local subnet.
Sharing Local Resources
You will not be able to host shared resources on the local LAN (such as printers) when a VPN tunnel is
established. This traffic will be viewed as unsolicited IP traffic, and will be silently discarded by AT&T
Global Network Client Firewall. The AT&T Global Network Client Firewall must be disabled via the AT&T
administration server to support local resource sharing while VPN connected.
Registering VPN IP Address with Dynamic DNS
The AT&T Global Network Client can dynamically register an IP address in DNS when VPN connected
regardless of the VPN server type. After VPN connected, the AT&T Global Network Client will gather the
domain name, host name, and IP address then send out registration requests to all of the DNS servers in
the VPN Adapter interface’s DNS server list. To set this option, click Show the login properties window.
from the Settings panel on the main window, click the Preferences tab, click Override Defaults, scroll
down and click Register VPN connection’s address in DNS. in the VPN Details section. If you have opted
to turn off DNS registration through the network control panel, then the AT&T Global Network Client will
not send the DNS update requests.
If the DNS server is configured for ‘Secure Updates Only’ and integrated with Active Directory, then the
AT&T Network Logon Extensions component is required.