VPN directly to AVAYA 96xx phone

We have an Avaya phone system that is functioning well across our site-to-site IPSEC VPNs, all using mikrotik routers. We have been asked to set up a phone for a home user that has a dynamic IP. After talking to the Avaya phone guys I learned that you can set up a VPN directly with the phone even if the phone side has a dynamic IP, and there are instructions for Cisco, sonicwall, etc. We tried to get this set up to VPN to the mikrotik without success. I am unsure of the proper settings for the IPSEC VPN (it has to be pure ipsec, l2tp is not supported) on the mikrotik because of the lack of a static address on the phone side. Has anyone set up a VPN from a mikrotik directly to an AVAYA phone without a static address on the phone side? Thanks in advance!

Hi, I’m about to set up a VPN from avaya directly to mikrotik like you wanted. Have you been successful in the end?
I will try to use ipsec psk xauth, as this is the standard I used with my old Cisco router.

Any knowledge is appreciated. :wink:

Instead of using the phone’s VPN client, why don’t you set up an SBC on a public IP with your telephony servers (or port forward to it) and set the phone up to use SIP-TLS and SRTP…you’ll achieve effectively the same thing…all RTP and signaling from the phone to any endpoint behind the SBC will be encrypted using TLS.

@mpreissner, you are correct, that is a solution I haven't thought of.
But I was hoping to also pass the data vlan to my client's laptop behind the phone. So I thought I would get a fully functional external workstation without the need of a secondary vpn router.

Passing the data of the PC-port through the VPN of the phone is not supported by AVAYA, AFAIK.