I've gotten an Avaya 9620 phone to use it's internal IPSEC vpn client to register and make calls successfully.
The problem is that I needed to disable the H.323 ALG for it to register successfully. However we need the ALG to utilize a Polycom RMX video conference bridge over NAT port translation.
Is there a way for me to exclude the Avaya VPN phone from the H.323 ALG?
There is a specific IP range that is sepaerate from the rest of the network. The policy (Untrust to Internal) for the VPN phone to tunnel the traffic is at the bottom of the inbound list. There's also a policy at the top of the outbound list to tunnel the traffic outward to that IP range.
This is an SRX 240 chassis cluster running 11.4R7.5