User's guide
AT&T Global Network Client for Windows Administrator’s Guide
© 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or
AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Images are shown for illustrative purposes only; individual
experience may vary. This document is not an offer, commitment, representation or warranty by AT&T and is subject to change.
Windows is a registered trademark of Microsoft Corporation in the United States and other countries.
overridden by a user. To use NAT Traversal, this preference must be selected and the NAT Traversal
settings must also be configured on the VPN endpoint.
The AT&T Global Network Client supports most NAT devices. There are known difficulties when
tunneling IPSec traffic through NAT/firewalls, which are documented in RFC 3715:
http://www.ietf.org/rfc/rfc3715.txt.
AT&T is committed to supporting all NAT device vendors that are aware of the known IPSec compatibility
issues and comply with the industry standards.
Cisco Passwords
If your network logon password has expired as determined by the authentication flows between the
Cisco tunnel server and the Windows Primary Domain Controller, the AT&T Global Network Client will
display a prompt for you to enter a new password. The VPN negotiation code will complete the
password-change exchange.
Using Managed SSL VPN Services
Managed SSL VPN is a client-based tunneling solution. Managed SSL VPN traverses customer site proxies
and firewalls without requiring network configuration changes. Fenced Internet hosts can be specified
when tunneling with SSL-T dual access from a private line location.
Managed SSL VPN Services use TCP port 443 for authentication and tunneling. Alternatively, TCP port 80
can be used by unchecking the Authenticate with HTTPS preference in the AT&T Global Network Client
Login Properties. Managed SSL VPN is successful because, unlike IPSec, traffic on TCP port 443 can be
passed through a proxy. Proxy settings specific to AT&T Global Network Client connections can be
configured using Setup Wizard or Login Properties, or the AT&T Global Network Client can use the
Microsoft Windows Internet Options proxy settings.
Network Layer Solution
Unlike some SSL solutions, Managed SSL VPN is a network layer solution. Therefore, all IP-based
applications (File Sharing/Outlook Exchange/VOIP/etc.) are supported. Additionally, customer account
administrators can access end user systems for software pushes, ad hoc messages, etc. just as if their
end users were residing on the Company’s private local LAN.
Being VPN connected from behind a customer site proxy presents an extra layer of complexity for
web-based applications such as a browser. By default, web-based applications will send all traffic directly to
the proxy. However, Private LAN (VPN) and Local LAN traffic need to be routed differently. The AT&T
Global Network Client enables a user to configure Internet Options for each specific proxy location to
handle web-based applications correctly.
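
As an added example (not from the AT&T guide or the client's code), the following Python check reports which private LAN URLs a proxy exceptions list would still hand to the site proxy. It assumes the exceptions are a semicolon-separated Internet Options style string with host wildcards and `<local>`; the sample string, host names and function names are constructed.

```python
# Added example: constructed data, not taken from the AT&T guide or client.
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed exceptions string in the semicolon-separated Internet Options style.
SAMPLE_BYPASS = "10.*; *.corp.example; <local>"


def parse_bypass_list(raw):
    """Split the exceptions string into lowercase patterns, dropping blanks."""
    return [p.strip().lower() for p in raw.split(";") if p.strip()]


def route_for(url, patterns):
    """Return 'direct' when the URL's host matches an exception, else 'proxy'."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    for pattern in patterns:
        if pattern == "<local>":
            # <local> covers single-label names such as http://intranet/
            if "." not in host and ":" not in host:
                return "direct"
        elif fnmatchcase(host, pattern):
            return "direct"
    return "proxy"


def misrouted(private_urls, raw_bypass):
    """List private-LAN URLs that the exceptions list would still send to the proxy."""
    patterns = parse_bypass_list(raw_bypass)
    return [u for u in private_urls if route_for(u, patterns) == "proxy"]


if __name__ == "__main__":
    private = [
        "http://10.20.30.40/app",
        "https://mail.corp.example/owa",
        "http://intranet/",
        "http://172.16.5.9/reports",  # not covered by SAMPLE_BYPASS
    ]
    for url in misrouted(private, SAMPLE_BYPASS):
        print("would go to the site proxy:", url)
```

Any URL the check lists is private traffic that would be disclosed to the customer site proxy instead of travelling through the tunnel.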
Security/Authentication
The Managed SSL VPN service uses AT&T authentication server based authentication. The AT&T SSL VPN
Server dictates the encryption method and currently enforces 3DES and SHA-1. The AT&T SSL VPN Server
is configured with an Entrust Server Certificate, and the AT&T Global Network Client utilizes Microsoft