Issue with Nortel type VPN on Avaya IP Phone through pfsense
-
I'm trying to get an Avaya 9650 IP phone that is using a Nortel VPN client to work properly through my pfsense 1.2.3-RELEASE firewall. I'd previously had a different Avaya phone (with different VPN client?) that was working but the far side setup has changed.
It appears that the VPN negotiation works properly and the phone downloads a couple of configuration files from the far side but then when it attempts to connect to the call server it gets no further. When used w/o a firewall or a different NAT firewall it works so it seems specific to pfsense.
When I ran a packet trace I see early on an ARP request by the phone for the pfsense IP address and a corresponding reply, but then the last packet in the trace is a second reply to the ARP request without a second corresponding ARP request. Is that strange ? I see no droped packets in the firewall log.
Any ideas what might be going on ?
Thanks,
EliotHere is the packet trace summary:
No. Time Source Destination Protocol Length Info
3 2.581874 10.0.2.245 192.193.216.4 ISAKMP 472 Aggressive
4 2.683086 192.193.216.4 10.0.2.245 ISAKMP 344 Aggressive
5 3.087985 10.0.2.245 192.193.216.4 ISAKMP 94 Aggressive
6 3.147960 192.193.216.4 10.0.2.245 ISAKMP 110 Transaction (Config Mode)
7 3.150465 10.0.2.245 192.193.216.4 ISAKMP 166 Transaction (Config Mode)
8 3.209853 192.193.216.4 10.0.2.245 ISAKMP 118 Transaction (Config Mode)
9 3.212791 10.0.2.245 192.193.216.4 ISAKMP 126 Transaction (Config Mode)
10 3.736881 192.193.216.4 10.0.2.245 ISAKMP 102 Transaction (Config Mode)
11 3.757858 192.193.216.4 10.0.2.245 ISAKMP 198 Transaction (Config Mode)
12 3.760025 10.0.2.245 192.193.216.4 ISAKMP 142 Transaction (Config Mode)
13 3.825028 192.193.216.4 10.0.2.245 ISAKMP 422 Quick Mode
14 4.567709 10.0.2.245 192.193.216.4 ISAKMP 358 Quick Mode
15 4.628995 192.193.216.4 10.0.2.245 ISAKMP 94 Quick Mode
16 13.994948 Avaya_49:45:12 Broadcast ARP 60 Who has 10.0.2.1? Tell 10.0.2.245
17 13.994995 PcEngine_17:ee:e4 Avaya_49:45:12 ARP 60 10.0.2.1 is at 00:0d:b9:17:ee:e4
18 13.996978 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
19 15.781726 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
20 17.702631 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
21 19.622879 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
22 21.543897 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
23 23.464025 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
24 27.185608 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
25 33.740296 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
26 33.982560 192.193.216.4 10.0.2.245 ESP 118 ESP (SPI=0x22def59f)
27 33.984650 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
28 33.986504 10.0.2.245 192.193.216.4 ESP 262 ESP (SPI=0x84bd6792)
29 34.049106 192.193.216.4 10.0.2.245 ESP 118 ESP (SPI=0x22def59f)
30 34.091268 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
31 34.091373 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
32 34.099488 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
33 34.160473 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
34 34.160535 192.193.216.4 10.0.2.245 ESP 486 ESP (SPI=0x22def59f)
35 34.166580 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
36 34.167807 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
37 34.226644 192.193.216.4 10.0.2.245 ESP 118 ESP (SPI=0x22def59f)
38 38.422016 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
39 38.664281 192.193.216.4 10.0.2.245 ESP 118 ESP (SPI=0x22def59f)
40 38.665918 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
41 38.667618 10.0.2.245 192.193.216.4 ESP 262 ESP (SPI=0x84bd6792)
42 38.731263 192.193.216.4 10.0.2.245 ESP 118 ESP (SPI=0x22def59f)
43 38.778621 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
44 38.778723 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
45 38.787363 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
46 38.846774 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
47 38.846872 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
48 38.846994 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
49 38.858378 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
50 38.919030 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
51 38.919132 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
52 38.919523 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
53 38.919632 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
54 38.934706 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
55 39.003023 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
56 39.003115 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
57 39.003226 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
58 39.003525 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
59 39.003626 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
60 39.022372 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
61 39.082341 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
62 39.082441 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
63 39.082834 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
64 39.082941 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
65 39.083052 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
66 39.083385 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
67 39.104360 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
68 39.163708 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
69 39.163805 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
70 39.164033 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
71 39.164351 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
72 39.164692 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
73 39.164959 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
74 39.165026 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
75 39.188427 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
76 39.247833 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
77 39.248307 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
78 39.248411 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
79 39.248535 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
80 39.248806 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
81 39.248917 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
82 39.249023 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
83 39.249351 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
84 39.275505 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
85 39.334326 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
86 39.334429 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
87 39.334550 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
88 39.334819 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
89 39.334927 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
90 39.335044 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
91 39.335344 192.193.216.4 10.0.2.245 ESP 1302 ESP (SPI=0x22def59f)
92 39.335409 192.193.216.4 10.0.2.245 ESP 870 ESP (SPI=0x22def59f)
93 39.360412 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
94 39.362011 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
95 39.363089 10.0.2.245 192.193.216.4 ESP 118 ESP (SPI=0x84bd6792)
96 39.436403 192.193.216.4 10.0.2.245 ESP 118 ESP (SPI=0x22def59f)
97 43.128370 PcEngine_17:ee:e4 Avaya_49:45:12 ARP 60 10.0.2.1 is at 00:0d:b9:17:ee:e4