Wifi router problem - help my friend Karen

May 16 2004

While I was in Boston last week, I attempted to prove my technical manliness by helping my friends Paul and Karen Lilla get their US Robotics 8054 wi-fi router up and running.  They are DSL subscribers, so we had to configure the PPPoE setup, which was fine.  A couple more tweaks, and the wifi was humming.
Unfortunately, what wasn't working was the IBM VPN connection.  The AT&T Network Client would try and try to negotiate encryption keys with the VPN server, try to authenticate, and start over again.  Even viewing the AT&T client's verbose settings didn't provide me any clues as to why it was failing to connect.  I suspect an IPSec filtering kind of problem, but couldn't find anyplace in the router where it might be blocking a particular required port.
Anyone have any experience with this particular router and the AT&T client?  It kicked my ass for sure, and I didn't have any time to call USR tech support.  USR's support website basically says that the configuration should be supported, and obviously it's not.

Ed Brill | Highland Park, IL USA Category:  Toys  Add/View Comments [49]

Post a Comment

  1. 1  jw  | 5/17/2004 3:51:37 AM

    I had all sorts of IPSec issues with a Netgear until I upgraded the firmware. could be a good first step.

    http://www.usr.com/support/product-template.asp?prod=8054

  1. 2  Ed Brill www.edbrill.com | 5/17/2004 4:03:38 AM

    first thing I did was update to the latest version.

  1. 3  jules  | 5/17/2004 9:51:08 AM

    at our office we use the at&t dialler and have had nothing but problems with it. you may need o ensure that the firewall component is download and the newest dialler. the diallers that we have had untill now will not support adsl! at&t have said that they have a new version that works....but i haven't seen it work yet. It may therefore be nothing at all to do with your configuration but instead just be the dialler.

  1. 4  Adam  | 5/17/2004 10:31:25 AM

    I had similar problems with my Linksys router. Three things to try: 1) Switch the UDP port between 4500 and 500 (I found a little utility that does it automatically, and can send it on if you want). 2) In the Login Properties of the dialer, try unchecking the setting for the "Negotiate UDP encapsulation with VPN tunnel server for NAT transversal" 3) Try unchecking the "Net Firewall Service" in the Windows Network Properties settings.

    And, as a last resort - I (and others) have found that AT&T Dialer 5.0.3 will work in places where 5.0.5 or higher won't. Obviously downgrading should be a last resort, but I can help you locate 5.0.3 if you want to try that, too. Best of luck!

  1. 5  Barry L  | 5/17/2004 12:34:09 PM

    Was the IBM VPN working over hard wired connection before u started? If they have Zone Alarm Integrity firewall installed make sure it's advanced firewall settings have Allow VPN protocols at high security AND Allow uncommon protocols at high security options checked. The second of these is needed to pass a message back to the client from the IPSec system which comes in on something like Port 53

  1. 6  Thomas Gumz  | 5/18/2004 9:30:25 AM

    The latest available Client is 5.09.2...

  1. 7  Jeffrey  | 10/3/2004 6:32:16 AM

    Ed,

    I have the same problem.

    I am allready using 5.0.9.2.

    Did you allready find a solution?

  1. 8  Ed Brill www.edbrill.com | 10/3/2004 12:51:55 PM

    I haven't been back to Boston and we haven't had time to try to walk through it by phone.

  1. 9  Venkat Swamy  | 3/23/2005 3:37:27 PM

    You need to uncheck "Negotiate UDP encapsulation with VPN tunnel server for NAT traversal" at ATT Network Client. U can do this by alt+L at ATT Net client and check override default in preferences. Then unckeck, "Negotiate UDP encapsulation with VPN tunnel server for NAT traversal".I

    did this and it is working for me.

    Alternately, if you found any other solution, let me know.

    Good luck,

    Venkat

  1. 10  Gurvinder S Bindra  | 5/7/2005 12:38:58 PM

    Hi!

    This is a NAT problem of the router itself. I used to be a Technical Support manager with Wipro Spectramind for Microsoft Broadband routers. I faced several calls like such not only for AT&T but also other VPN issues. I recommend using an SMC routers amongst others as its firmware allows the AT&T client to connect FLAWLESSLY !

    Also , in the future ensure that you TEST the VPN connectivity, java connectivity (Use Yahoo chat) and any other software where you may need translation BEFORE you buy the router. I know this is not much help for you present problem but I hope you can use it !

    Cheers

  1. 11  Roberto Olivares  | 7/20/2005 12:25:25 PM

    BTW -- I've had this problem periodically. Revrting to an older client solved it in one case. Also, there are times when the BSO goes down and does not come back up (e.g. a power failure, crash, etc.) This has happened before and I just wait a day and we're good again. Sometimes it won't work no matter what you do.

  1. 12  James  | 8/6/2005 6:33:08 PM

    Venkat's suggestion above worked like a charm.

  1. 13  Ron Ersek  | 9/4/2005 4:34:54 PM

    Thank God for user groups and forums.

    Damn IBM VPN's .. hehehe. The "Negotiate UDP encapsulation with VPN tunnel server for NAT traversal" worked first shot. Been putzing on this DSL connection for the last half-hour.

    I am stuck up north in Quebec at my sister's on call. HAD to get this connection working.

    Thanks everyone.

  1. 14  Alejandro   | 9/23/2005 10:29:00 PM

    Venkat, you rule!!!!

    Now I can use wireless at home :)

  1. 15  Cheryl Elliman  | 11/15/2005 12:37:59 AM

    Venkat! You rule twice! Google & this blog - much faster than 800-tech support.

  1. 16  Rachel Ma No | 1/16/2006 12:30:12 AM

    But how to change the default settings in "preference" tab? I can launch this dialog by "alt+L", but all settings are grayed and no response to my keyboard or mouse actions.

    Maybe I should change the settings at home, not at office?

  1. 17  Rachel Ma No | 1/16/2006 1:29:34 AM

    Silly me. :-)

  1. 18  Alex Lee  | 4/18/2006 9:54:44 AM

    Another thumbs up for Venkat. This problem has been plaguing me for 9 mos. Now I really can work from home.

  1. 19  Marc Niketas  | 6/1/2006 12:49:57 PM

    I had this same problem (Linksys Router and AT&T Dialer) and battled it for quite a while before getting it fixed... in addition to Venkat's config change, I had to adjust two additional things...

    1) ensure that the following ports were open on my router (TCP - 21, 50 to 60, 80, 389, 709 & 5080, UDP - 500, 4500)

    2) ensure that "Net Firewall Service" was checked for both my Wireless and AGN Connections... not sure why they weren't, but I may have unchecked them at some point during troubleshooting

  1. 20  bala  | 6/13/2006 8:44:35 PM

    I don't find "Net Firewall Service". I have windows xp sp2 home edition. How do I find it to check if it is checked? Thanks!

  1. 21  karim http://AT&T Network Client Troubleshooting | 7/7/2006 8:24:00 PM

    Just use this site for troubleshooting:

    { Link }

  1. 22  Rich  | 7/9/2006 8:34:17 PM

    Thanks for the help, the port forwarding coupled with the disabling of "Negotiate UDP encapsulation with VPN server for NT traversal". I've been working on this for months. Thank You!

  1. 23  joe  | 7/12/2006 10:20:25 AM

    got to this location and realized I couldn't connect with the AT&T vpn. thought "great! gotta go back to the other location." a quick google search, read down a bit, found Venkat's suggeation .... brilliant. Now I'm connected.

    Thanks!

  1. 24  ravi Kiran  | 7/21/2006 7:31:02 AM

    Hi...

    Gud to see that unchecking Negotiating UDP encapsulation has resolved the issue for most of them.... For a AT & T looping Issue...you can follow theese steps...

    1>Chk beasin Internet connection.

    2.ReUncheck UDP encapsulation

    3.Make sure that Netfirewall is cheked in the propertioes of the NT connections...and also for the AGN(Some ppl mint not fnd it if the computer has a normal Image of win XP)

    4: Disable all the Firewalls that you have in your computer

    5>click on Advanced Menu and click on Advanced settings in the NT connections window and make sure that the AGN is listed as the first connection......

    Hope this is helpfull...

  1. 25  Rosina Teodorescu  | 8/12/2006 7:11:39 AM

    Venkat, thank you very much!

    :))

    R

  1. 26  Joel Wheeler  | 8/21/2006 5:12:42 PM

    I had this problem on my Windows 2000 laptop with the Linksys wrt54g router. De-selecting "Enable Net Firewall" had fixed the problem. Unfortunately, today I upgraded to a new laptop with XP and the problem re-appeared, without such a simple solution. I am using AT&T Network Client 5.09.2. I tried just turning off the "Negotiate UDP encapsulation" (as suggested above) without sucess.

    After calling support, I needed to do a few additional things.

    All the steps I needed to do to get this working:

    * ensure "Enable Net Firewall" was selected for my windows network setings.

    * In AT&T Network Client, under "Show login properties/Preferences":

    - disable "Negotiate UDP encapsulation" in AT&T network client

    - Change "VPN MTU Size" from Default to 1370

    * Select "Setup" on Network Client and, under "Advanced login properties" menu, change from "Default" to "Both the internet and my company's intranet (under "Network"), and then select "Managed VPN-SSL DualAccess" for the service

    Hope this helps someone else besides myself.

  1. 27  Alexandre Sforza  | 8/31/2006 5:22:26 PM

    When I switch from a syslink router to a Apple airport express I could not connect to the IBM VPN with AT&T, the solution was to change the setting MANAGED VPN IPSec DualAccess to MANAGED VPN SSL DualAccess. Just recently I discovered that my VPN connection was very very slow. With the above thread I removed the Negotiate UDP encapsulation with VPN server for NT traversal and my speed is now 10 times faster, which is certainly as it was before. Very important to me as I upload a lot.

  1. 28  Manish  | 11/13/2006 7:20:19 AM

    Hi,

    I have AT&T Network Client v6.4.0.3000 installed on Windows XP Prof (SP2). I have a peculiar problem which am not able to resolve.

    Whenever I am connected to wired LAN/Wireless, I am able to connect to my office network using AT&T client.

    But if I dial to local ISP (using wired connection or GPRS), and then connect to my office n/w using same AT&T Client, though the client gets connected and I gets an IP also, but still am not able to access any of my office intranet as well as mails.

    I have observed this problem with my earlier version of AT&T client also (v5.0.9.2). I have already tried various options suggested on this page but no success.

    Pls help me in resolving this problem.

  1. 29  man  | 11/20/2006 11:15:30 AM

    Same problem as Manish. I downgraded to v5.0.9.2 , but still no luck.

  1. 30  man  | 11/21/2006 8:36:31 AM

    Was able to resolve this today : Make sure you have your ATÞNetwork Client set up for broadband using IPSEC. To check if you have IPSEC selected, click the Setup button on the main logon screen.

    Click Next until you get to the UserID screen.

    Click the Advanced Login Properties button.

    Make sure the it has IPSEC.

  1. 31  Andrew  | 12/16/2006 7:01:31 PM

    Hi,

    I have AT&T Network Client. I can connect to the server but cannot authenticate or talk to the server by wireless connection.

  1. 32  Jenn  | 12/27/2006 7:11:20 PM

    Joel Wheeler - thanks for the tip! I can connect now :)

  1. 33  DD  | 1/2/2007 3:42:17 PM

    Now heres a question, anyone know how to get the AT&T dialer to work without the NET Firewall Service? Or at lease somehow open ports on it? If I have it enabled I can't use any software KVMs or even print to my local printers.

  1. 34  Ravi http://ibm.com | 1/19/2007 8:33:32 PM

    Venkat Swamy, you are awesome. Thank you.

  1. 35  Sid  | 1/26/2007 8:57:37 PM

    Thanks for the solution. I use the same IBM AT&T client and coudn't use is without disabling my hardware firewall. But I has to change another setting in th eclient. I changed it to ssl in stead of IPSEC and it worked. Now I am happy that I don't have to disable my hardware firewall. Thank you all a lot

  1. 36  Toby  | 2/24/2007 4:19:24 AM

    Hi,

    I'm also having the loop problem and none of the solutions suggested above work for me :(

    What I did is:

    - Disable Firewall

    - Open all ports

    I selected "Both the internet and my company's intranet" but neither SSL nor IPsec worked.

    Furthermore, I chose override defaults in the AT&T preferences, deselected "Negotiate UDP encapsulation..." and changed the VPN MTU Size to 1370. None of the above changed anything and I still ended up in the loop of negotiating, authenticating, etc...

    After some time the program simply crashes.

    AGN Virtual is my first connection in advanced settings and I am trying to connect via cable. Net firewall service is checked as well...

    What else can I try? Is there an opportunity to downgrade to the previous client via the internet (have no access to intranet right now)

    Thanks a lot for your suggestions!! I am getting desperate...

  1. 37  AJH  | 3/14/2007 3:59:14 AM

    Followed many of the instructions above to no avail - then realised rather dumbly that I needed to change the setting within my Integrity network Firewall to set the network within the Trusted Zone. The AT&T Client then connected immediately.

  1. 38  Jure Motusic http://www.aboogy.com | 3/19/2007 10:23:12 AM

    Solved. Only solution that works for me was to download new client directly from AT&T. Version that works is 6.9. Here is link: https://help.attbusiness.net/index.cfm?fuseaction=downloads.home

    Before install, write down your account id, your ID and password , of course.

    Best regards

    Jure Motusic

    www.aboogy.com

  1. 39  Juanex  | 6/8/2007 9:27:00 AM

    Venkat, u rule. thanks you very very much!

  1. 40  Andrew  | 9/27/2007 2:27:45 PM

    I had a similer problem. AT&T would actually connect but very few things would work, w3 would load but none of the links would work, sametime didn't work either. ravi's suggestion of setting AGN as the first connection listed in the Advanced Settings of network connections worked for me - Nice one Ravi!

  1. 41  Prashul  | 10/13/2007 10:33:23 AM

    Venkat rules in 2007 too. I had this DLINK WBR1310 and since I installed it could not connect to IBM. Client VPN worked like a charm. I was looking at the wrong place with searches like DLINK &ATT Client etc...Today the bulb lit and I hit ATT Client ports and got here. Venkats solution worked just like that!

  1. 42  fellow ibmer  | 12/31/2007 8:00:29 AM

    i face another problem i could connect through cable connection and tried to set it up for the wireless, but somehow the cable connection failed... i reverted to my older settings but it didn't help...has someone any suggestion pls?

  1. 43  Rob McAuley  | 5/19/2008 7:27:26 AM

    Was running into this when I set up a new dlink router. Was getting TWINGE ATTACK Detect - Packet Dropped errors.

    Venkat's setting fixed it immediately.

    Thanks!

  1. 44  Catherine Lord  | 4/17/2009 6:48:07 PM

    still great advice in 2009 ... thanks for the posting. Venkat + Joel's posting fixed it. AT&T 5.09.2 just decided to stop for a few days out of the blue. (Had to override defaults in the AT&T preferences, deselected "Negotiate UDP encapsulation...", changed the VPN MTU Size to 1370, checked Net Firewall in BOTH AGN and Wireless Network properties). thanks again !

  1. 45  Sam  | 7/6/2009 12:08:07 PM

    Hi guys,

    I use ATT 5.09.2. When I am connected from home using ATT, I can access w3 site. However, I am unable to access Notes servers or logon to sametime. I am in Canada geo and here are my settings.

    OS – XP professional

    Network – Both internet and intranet; Managed VPN – SSL Dual access.

    Any geeky tricks for me to get through this problem?

    Thanks!

  1. 46  marty_IBM  | 7/22/2009 5:35:49 PM

    hello All , & Sam fellow worker

    Sam, being part of the same family, I had similar prbl ....and fixed it by port-forwarding 500 and 4500 to my workstation , and Uncheck the "Negotiate UDP encapsulation with VPN server for NAT traversal"...doing so got rid of "negotioating vpn encryption key with server" loop, and gave me access to Notes, Sametime and all w3 ressources...feel free to ask for support : mfortie@ ...you know the rest !!! ( fyi : I'm on the AC account @ 55th Ave ) cheers !! good luck !

  1. 47  Robert Duca  | 8/17/2009 8:38:29 AM

    Option 9 above worked like a charm!!!! Using wbr-1310 and once I unchecked the "Negotiate UDP encapsulation with VPN server for NAT traverasal"!!!! THANK YOU!!!!!!

  1. 48  Deborah  | 8/17/2009 9:39:12 PM

    After converting to new cable system and NetGear router I had very intermittent connection thru ATT client. Spent about 5 hours on 3 tech support calls in 2 days. Venkat's solution to uncheck UDP encapsulation seems to have worked. Connection speed is blazing fast and I have complete functionality so far. What a relief. I can cancel deskside support tomorrow... probably wouldn't have helped anyway. Thanks Ed for this forum and Venkat for solution!

  1. 49  Greg  | 12/3/2009 3:58:02 PM

    Venkat,

    You saved me from possibly having to be stuck in the office. Where do I send your check? ;-)