• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 619
  • Last Modified:

Avaya IP phone over VPN

Trying to troubleshoot IP phone over VPN. I have it working perfectly over raw internet but fails behind home router (netgear n600). I have tested behind a couple routers. I get the following on the Office FW in vpn logs:

013 Oct 17 21:10:38 [FVS336GV2] [IKE] ISAKMP-SA established for 66.???.???.178[500]-72.???.???.148[2070] with spi:72bf3460b4b9c3de:dc96cb77e46af93c_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 72.???.???.148[2070]_
2013 Oct 17 21:10:38 [FVS336GV2] [IKE] NAT-D payload does not match for 66.???.???.178[500]_
2013 Oct 17 21:10:28 [FVS336GV2] [IKE] Setting DPD Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] For 72.???.???.148[2070], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
                - Last output repeated 2 times -
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received unknown Vendor ID_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Beginning Aggressive mode._
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Received request for new phase 1 negotiation: 66.???.???.178[500]<=>72.???.???.148[2070]_
2013 Oct 17 21:10:27 [FVS336GV2] [IKE] Remote configuration for identifier "fvsremote.com" found_

I have opened UDP 4500 / TCP 500

Thanks!
0
SNCSD
Asked:
SNCSD
  • 2
  • 2
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

Over VPN you say, is it protected by IPSEC? need to ask because it doesnt go well when NAT is enabled. You should look into NAT-T. Read some about it here.
0
 
SNCSDAuthor Commented:
I will look into it. was there supposed to be a link?

Thanks,,
J
0
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi J.

Hmm that didn't went as planned, the link is here. Discard the fact it discusses Juniper hardware.
0
 
SNCSDAuthor Commented:
Got me going in the right direction. unfortunately had to move on to other things before resolved.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now