
Re: EdgeRouter with Avaya H.323 VPN remote phones


Nope, nothing special to make the phone work on my end. I have observed the condition you are referring to once or twice, but I just wrote it off as transient network issues. I believe it's trying to TFTP a config file from a TFTP server during that "discover x.x.x.x" phase, but I may be wrong.

 

However, I can't speak to any special configuration on the far-end VPN concentrator that the phone connects to.

 

Here are my rules for the guest network the phone resides on:

 

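    /* Guest-network forwarding policy. Rules are evaluated in ascending rule-number order and the first match decides. */
    name GUEST_IPv4_IN {
        default-action drop
        description "GUEST to internal"
        /* Only return traffic is accepted here. The original rule also had "new enable", which accepted every new connection before rule 1000 could block RFC1918 destinations. */
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        /* Relies on a network-group named RFC1918 defined elsewhere in the configuration (not shown in this post). */
        rule 1000 {
            action drop
            description "Drop traffic to internal subnets"
            destination {
                group {
                    network-group RFC1918
                }
            }
            log enable
        }
        /* New connections are accepted only after the internal-subnet drop above, so guests keep outbound access without reaching RFC1918 destinations. */
        rule 2000 {
            action accept
            description "Allow new connections to non-internal destinations"
            state {
                new enable
            }
        }
        rule 9999 {
            action drop
            description "Log and drop everything else"
            log enable
        }
    }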
    /* Per its description, traffic from the guest network addressed to the router itself; anything not accepted below is dropped (default-action drop, plus the logging rule 9999). */
    name GUEST_IPv4_LOCAL {
        default-action drop
        description "GUEST to router"
        /* Return traffic only: "new" is not enabled here, so new connections must match one of the service rules below. */
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        /* Rules 30-50 accept three ICMP types only: echo-request, destination-unreachable and time-exceeded. */
        rule 30 {
            action accept
            description "Allow ICMP Echo Request"
            icmp {
                type-name echo-request
            }
            protocol icmp
        }
        rule 40 {
            action accept
            description "Allow ICMP Destination Unreachable"
            icmp {
                type-name destination-unreachable
            }
            protocol icmp
        }
        rule 50 {
            action accept
            description "Allow ICMP Time Exceeded"
            icmp {
                type-name time-exceeded
            }
            protocol icmp
        }
        /* NOTE(review): only UDP/53 is accepted; a guest DNS query to the router over TCP would fall through to rule 9999 and be logged and dropped. Confirm that is intended. */
        rule 60 {
            action accept
            description "Allow DNS traffic to router"
            destination {
                port 53
            }
            protocol udp
        }
        rule 70 {
            action accept
            description "Allow NTP traffic to router"
            destination {
                port 123
            }
            protocol udp
        }
        /* No description is set on this rule: it matches UDP from source port 68 to destination port 67, i.e. DHCP client-to-server requests. */
        rule 80 {
            action accept
            destination {
                port 67
            }
            protocol udp
            source {
                port 68
            }
        }
        /* Explicit catch-all so that dropped packets are logged; default-action drop alone would discard them without this log entry. */
        rule 9999 {
            action drop
            description "Log and drop everything else"
            log enable
        }
    }

And my only nat rule:

 

 /* Source NAT: masquerades all protocols leaving via switch0.10, with logging disabled. "RED" is presumably the author's label for the WAN/untrusted side; confirm against the interface layout. */
 rule 5150 {
     description "RED Masquerade"
     log disable
     outbound-interface switch0.10
     protocol all
     type masquerade
 }

 

