• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 637
  • Last Modified:

Avaya IP phone over VPN

Trying to troubleshoot IP phone over VPN. I have it working perfectly over raw internet but fails behind home router (netgear n600). I have tested behind a couple routers. I get the following on the Office FW in vpn logs:

013 Oct 17 21:10:38 [FVS336GV2] [IKE] ISAKMP-SA established for 66.???.???.178[500]-72.???.???.148[2070] with spi:72bf3460b4b9c3de:dc96cb77e46af93c_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 72.???.???.148[2070]_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 66.???.???.178[500]_
2013 Oct 17 21:10:28 [FVS336GV2] [IKE] Setting DPD Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] For 72.???.???.148[2070], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
                - Last output repeated 2 times -
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Beginning Aggressive mode._
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received request for new phase 1 negotiation: 66.???.???.178[500]<=>72.???.???.148[2070]_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Remote configuration for identifier "fvsremote.com" found_

I have opened UDP 4500 / TCP 500

Thanks!
0
SNCSD
Asked:
SNCSD
  • 2
  • 2
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

Over VPN you say, is it protected by IPSEC? need to ask because it doesnt go well when NAT is enabled. You should look into NAT-T. Read some about it here.
0
 
SNCSDAuthor Commented:
I will look into it. was there supposed to be a link?

Thanks,,
J
0
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi J.

Hmm that didn't went as planned, the link is here. Discard the fact it discusses Juniper hardware.
0
 
SNCSDAuthor Commented:
Got me going in the right direction. unfortunately had to move on to other things before resolved.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now