Netgate Discussion Forum

    IPsec Mobile Client Can't Access Network

      DamnYouKids

      Hi,

      I have an IPsec connection set up for mobile clients (used for Avaya phones). Currently 1 phone is connected and everything works (phone gets an IP, it can be pinged, and the phone logs in/makes calls). However, when I try to connect a second phone (same model), I connect to the VPN and get a different IP, but I am unable to ping this phone and it can't contact the phone server. Status -> IPsec shows the VPN is connected, a couple of packets trying to go out, but 0 packets in. My config/settings are below. Where did I go wrong?

      User Groups
      User - VPN: IPsec xauth Dialin
      User - VPN: L2TP Dialin
      User - VPN: PPPOE Dialin

      Phase 1
      Key Exchange Version: Auto
      Internet Protocol: IPv4
      Interface: WAN
      Description: mobile
      Auth Method: Mutual PSK + Xauth
      Negotiation: Aggressive
      My Identifier: My IP address
      Peer identifier: User distinguished name
      Pre-Shared Key: xxxxxxx
      Encryption Alg: AES 128 SHA1 2(1024 bit)
      NAT: Auto

      Phase 2
      Mode: Tunnel IPv4
      Local Network: Network 0.0.0.0/0
      NAT: None
      Protocol: ESP
      Encryption Algorithms: AES 128
      Hash Alg: SHA1
      PFS: off

      Rules -> IPsec
      IPv4* * * * * *

      Networks
      LAN: 192.168.1.0/24
      Phone: 192.168.10/0
      IPsec: 192.168.9.0/24

      Mobile Clients
      User Auth: Local Database
      Group Auth: none
      Virtual Address Pool: 192.168.9.1/24

        mcury

        Is there a NAT rule to let mobile users go out?
        Or do they only use internal resources, thus not needing NAT?

        If there is a NAT rule to let these mobile users go out, can you confirm if the NAT is set to static or dynamic?

        dead on arrival, nowhere to be found.
