IPsec Mobile Client Can't Access Network



  • Hi,

    I have an IPsec connection set up for mobile clients (used for Avaya phones). Currently 1 phone is connected and everything works (phone gets an IP, it can be pinged, and the phone logs in/makes calls). However, when I try to connect a second phone (same model), I connect to the VPN and get a different IP, but I am unable to ping this phone and it can't contact the phone server. Status -> IPsec shows the VPN is connected, a couple of packets trying to go out, but 0 packets in. My config/settings are below. Where did I go wrong?

    User Groups
    User - VPN: IPsec xauth Dialin
    User - VPN: L2TP Dialin
    User - VPN: PPPOE Dialin

    Phase 1
    Key Exchange Version: Auto
    Internet Protocol: IPv4
    Interface: WAN
    Description: mobile
    Auth Method: Mutual PSK + Xauth
    Negotiation: Aggressive
    My Identifier: My IP address
    Peer identifier: User distinguished name
    Pre-Shared Key: xxxxxxx
    Encryption Alg: AES 128 SHA1 2(1024 bit)
    NAT: Auto

    Phase 2
    Mode: Tunnel IPv4
    Local Network: Network 0.0.0.0/0
    NAT: None
    Protocol: ESP
    Encryption Algorithms: AES 128
    Hash Alg: SHA1
    PFS: off

    Rules -> IPsec
    IPv4* * * * * *

    Networks
    LAN: 192.168.1.0/24
    Phone: 192.168.10/0
    IPsec: 192.168.9.0/24

    Mobile Clients
    User Auth: Local Database
    Group Auth: none
    Virtual Address Pool: 192.168.9.1/24



  • Is there a NAT rule to let mobile users go out?
    Or do they only use internal resources, thus not needing NAT?

    If there is a NAT rule to let these mobile users go out, can you confirm whether the NAT is set to static or dynamic?

