I am using a Mikrotik router to connect multiple road warriors (Avaya phones) with IPSEC VPN behind the same WAN address.

The first phone connects fine; when the second phone connects, the first phone loses network connectivity.

This is due to the policy that is generated: all road warriors will have the same peer address as they are NATed behind their router.

I believe this is by design of the Linux kernel on which Mikrotik runs.

Is there any workaround to this by using a non-Linux OS, i.e. do Sonicwall or Watchguard support multiple IPSEC VPN connections from remote nodes that share the same WAN IP address?

morleyc
  • Could it be that your PBX software cannot distinguish between the phones? Is it an option to configure the phones to run IPsec NAT-T? – lacasitos Aug 31 '14 at 12:16
  • No - the network is transparent to the IP phones - this is a confirmed issue/design of the Linux kernel identifying IPSEC peers by IP address – morleyc Aug 31 '14 at 12:18

0 Answers