Good afternoon,
I was looking for some assistance on the following. Any help would be much appreciated!
I have two offices connected via an IPSec tunnel using DrayTek routers at each location. The HQ office has a dedicated 100Mb leased line managed by a DrayTek Vigor 2926n, while the satellite office utilizes a Starlink connection offering download speeds up to 150Mb and upload speeds of 10-20Mb, managed by a DrayTek Vigor2860n.
The tunnel functions properly, allowing ping and communication between both offices without issues. For example, client computers in the satellite office can connect to servers in the HQ office, and CCTV IP cameras in the satellite office connect and work seamlessly through the tunnel to an NVR/Server in the HQ office.
However, we've encountered problems getting a few older Mitel 5330 IP handsets in the satellite office to function correctly. They are unable to communicate properly over the tunnel to the legacy VoIP system/PBX MiVoice 250 server located in the HQ office.
While I can ping the handsets and the VoIP server across the tunnel, the handsets in the satellite office get stuck in a "contacting server" loop or briefly display extensions before reverting back to "contacting server."
We've achieved a workaround by NATing the handsets and opening various ports on the HQ firewall to the phone server. However, since the satellite office uses Starlink and has a dynamic IP, we cannot restrict the open ports to a specific public IP address, creating a security concern.
Can anyone offer guidance or suggestions on securing our current NAT workaround or getting the handsets to function properly through the IPSec tunnel?
Cheers!
Trevor