Avaya IP phone over VPN

Posted on 2013-10-23
Last Modified: 2013-11-20
Trying to troubleshoot IP phone over VPN. I have it working perfectly over raw internet but fails behind home router (netgear n600). I have tested behind a couple routers. I get the following on the Office FW in vpn logs:

013 Oct 17 21:10:38 [FVS336GV2] [IKE] ISAKMP-SA established for 66.???.???.178[500]-72.???.???.148[2070] with spi:72bf3460b4b9c3de:dc96cb77e46af93c_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 72.???.???.148[2070]_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 66.???.???.178[500]_
2013 Oct 17 21:10:28 [FVS336GV2] [IKE] Setting DPD Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] For 72.???.???.148[2070], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
                - Last output repeated 2 times -
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Beginning Aggressive mode._
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received request for new phase 1 negotiation: 66.???.???.178[500]<=>72.???.???.148[2070]_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Remote configuration for identifier "" found_

I have opened UDP 4500 / TCP 500

Question by:SNCSD
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 22

Expert Comment

by:Patrick Bogers
ID: 39595225

Over VPN you say, is it protected by IPSEC? need to ask because it doesnt go well when NAT is enabled. You should look into NAT-T. Read some about it here.

Author Comment

ID: 39595261
I will look into it. was there supposed to be a link?

LVL 22

Accepted Solution

Patrick Bogers earned 500 total points
ID: 39595268
Hi J.

Hmm that didn't went as planned, the link is here. Discard the fact it discusses Juniper hardware.

Author Closing Comment

ID: 39665008
Got me going in the right direction. unfortunately had to move on to other things before resolved.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question