R600VPN IPSec tunnel blocking certain ports after some time of operation
I have an IPSec VPN tunnel between 2 R600VPN. Both are behind a NAT router. One NAT router has port forwarding to allow incoming IPSec connections.
The local LAN is connected to a PBX. The remote LAN has VoIP phones installed.
IPSec routing worked fine for weeks.
These VoIP phones register to the PBX using source port 5060, 5062, 5064... and destination port 5060.
All of a sudden the remote VoIP phones would not use source port 5060, 5062, 5064 but 1064, 1066....
I assume this is because the phones could not complete registration. Therefore they tried a different port (range). Registering took much longer than normal. Apparently there were registration failures which caused the VoIP phones to use a different range.
Unfortunately this affected VoIP functionality.
Then I rebooted the R600 at the PBX end. Immediately the remote VoIP phones were registering again using the standard source port.
Needless to say, before rebooting the R600 I tried everything with the VoIP phones and the PBX. Reboot, factory reset, different phone. To no avail. Source port 5060 was not used.
Until the reboot of the R600. Then 5060 was used again. Immediately. And registering went fast as before.
Except for rebooting PBX and phones, I did not reboot or change anything on the LANs on both sides.
So, is there something in the R600 VPN that cannot allow a certain number of connections from the same source ports? The number of devices is only 6. But I assume a VoIP phone re-registers, or reconnects through the VPN, numerous times.
It looks like a table in the VPN router was filled up. And new connections with source port 5060 were denied. Is such a thing possible?