Netgate Discussion Forum

IPsec Mobile Client Can't Access Network

    DamnYouKids
    last edited by Mar 14, 2019, 8:57 PM

    Hi,

    I have an IPsec connection set up for mobile clients (used for Avaya phones). Currently 1 phone is connected and everything works (phone gets an IP, it can be pinged, and the phone logs in/makes calls). However, when I try to connect a second phone (same model), I connect to the VPN and get a different IP, but I am unable to ping this phone and it can't contact the phone server. Status -> IPsec shows the VPN is connected, a couple packets trying to go out, but 0 packets in. My config/settings below. Where did I go wrong?

    User Groups
    User - VPN: IPsec xauth Dialin
    User - VPN: L2TP Dialin
    User - VPN: PPPOE Dialin

    Phase 1
    Key Exchange Version: Auto
    Internet Protocol: IPv4
    Interface: WAN
    Description: mobile
    Auth Method: Mutual PSK + Xauth
    Negotiation: Aggressive
    My Identifier: My IP address
    Peer identifier: User distinguished name
    Pre-Shared Key: xxxxxxx
    Encryption Alg: AES 128 SHA1 2(1024 bit)
    NAT: Auto

    Phase 2
    Mode: Tunnel IPv4
    Local Network: Network 0.0.0.0/0
    NAT: None
    Protocol: ESP
    Encryption Algorithms: AES 128
    Hash Alg: SHA1
    PFS: off

    Rules -> IPsec
    IPv4* * * * * *

    Networks
    LAN: 192.168.1.0/24
    Phone: 192.168.10/0
    IPsec: 192.168.9.0/24

    Mobile Clients
    User Auth: Local Database
    Group Auth: none
    Virtual Address Pool: 192.168.9.1/24

      mcury
      last edited by Mar 16, 2019, 8:38 AM

      Is there a NAT rule to let mobile users go out?
      Or do they only use internal resources, thus not needing NAT?

      If there is a NAT rule to let these mobile users go out, can you confirm if the NAT is set to static or dynamic?

      dead on arrival, nowhere to be found.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.