The VPN Gateway has two USB connections on the back of the device and an optional internal cellular modem. The cellular connection allows VPN or basic Internet access from locations where wireline broadband is unavailable (or interrupted) and dial is considered too slow or expensive an option.

The VPN Gateway treats cellular connections similar to third-party broadband. AT&T is not involved in the procurement, fulfillment, network authentication, or billing for cellular connectivity as part of the service, unless such bundling is provided as part of a special bid. USB modems must be acquired independently and will be billed directly by your cellular provider. Your cellular data usage will include both your VPN usage and tunnel maintenance (tunnel heartbeats).

We have the following estimates to show how much traffic is sent over an idle VPN Gateway tunnel to an ANIRA tunnel server and proactive monitoring has been enabled. Other tunnel servers may send more or less data. You must add your expected VPN traffic to the transmission rates for an accurate representation of your expected cellular data usage.

In the VPN Gateway configuration profile the cellular connection overrides were set to the following values:

• Idle Wait Time: 300 seconds
• Retransmit Interval: 20 seconds
• Max Retransmissions: 5
• WAN Test Interval: 310 seconds

Over a 4-day period the average amount of data sent and received was 150kB per day. Many new LTE-enabled modems require the IPSec tunnel to use NAT-T (NAT traversal) to function because the cellular ISPs do not provide NIC registered IP addresses and they do not perform an IPSec NAT. The NAT-T protocol encapsulates the IPSec traffic inside a UDP packet to make it NAT friendly. To keep the firewall ports open, the NAT-T protocol sends heartbeats every 15 seconds which results in a large amount of data being sent. The same test performed on a NAT-T IPSec tunnel averaged sending and receiving 800K per day.

AT&T is not responsible for maintenance and troubleshooting of cellular connectivity problems. The cellular credentials are authenticated by the cellular provider, and user ID, password and access phone number may need to be configured in the VPN Gateway on a provider-by-provider basis.