?
Solved

Avaya IP phone over VPN

Posted on 2013-10-23
4
Medium Priority
?
613 Views
Last Modified: 2013-11-20
Trying to troubleshoot IP phone over VPN. I have it working perfectly over raw internet but fails behind home router (netgear n600). I have tested behind a couple routers. I get the following on the Office FW in vpn logs:

013 Oct 17 21:10:38 [FVS336GV2] [IKE] ISAKMP-SA established for 66.???.???.178[500]-72.???.???.148[2070] with spi:72bf3460b4b9c3de:dc96cb77e46af93c_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 72.???.???.148[2070]_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 66.???.???.178[500]_
2013 Oct 17 21:10:28 [FVS336GV2] [IKE] Setting DPD Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] For 72.???.???.148[2070], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
                - Last output repeated 2 times -
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Beginning Aggressive mode._
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received request for new phase 1 negotiation: 66.???.???.178[500]<=>72.???.???.148[2070]_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Remote configuration for identifier "fvsremote.com" found_

I have opened UDP 4500 / TCP 500

Thanks!
0
Comment
Question by:SNCSD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39595225
Hi

Over VPN you say, is it protected by IPSEC? need to ask because it doesnt go well when NAT is enabled. You should look into NAT-T. Read some about it here.
0
 

Author Comment

by:SNCSD
ID: 39595261
I will look into it. was there supposed to be a link?

Thanks,,
J
0
 
LVL 23

Accepted Solution

by:
Patrick Bogers earned 1500 total points
ID: 39595268
Hi J.

Hmm that didn't went as planned, the link is here. Discard the fact it discusses Juniper hardware.
0
 

Author Closing Comment

by:SNCSD
ID: 39665008
Got me going in the right direction. unfortunately had to move on to other things before resolved.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question