I have an AT&T M-Cell. It seems to want to use port 4500 UDP, but I see that other devices besides that M-Cell are able to use that port at the same time. I have an enforced outbound policy by Source IP for port 4500 UDP for WAN2, yet I have seen this device with its connection on WAN1. I have now set the enforced policy to just Source IP, and I continue to find this M-Cell device with an Active session from it to the internet on WAN1. How is that happening?
Whatever is going on is possibly causing dropped calls on my cellular. The M-Cell is a local cellular access point if you will. My house sits between two cellular towers and my phone constantly bounces from one to the other - which destroys my battery. The M-Cell maintains a strong enough signal to keep my phone from ever searching for another network.
Yes, the iPhone has Wifi calling, but it is programmed to prefer cellular. It will scan for cellular even while on Wifi for calling. When the M-cell connection craps out - it switches to Wifi calling - but it also wants to use UDP port 4500 - what is so sacred about this port? Why can’t I manage it like other ports?
Please check whether IPsec NAT-T was enabled.
If this was enabled, UDP 500, UDP 4500 and UDP 10000 will be forwarded to WAN1 by default. It has higher priority than the defined Outbound Policies.
Please disable it or enable Route IPsec Site-to-Site VPN to forward these 3 ports to the desired WAN.
Hope this help.
Thanks for the information. I read something about that on this forum, so I tried disabling NAT-T. I still had issues with dropped calls and “in and out” phone calls. The call would be fine for a few seconds, then nothing, then back to good, then nothing, repeat until dropped.
I have now enabled it back and swapped my WAN connections. We will see how it goes.
Is it not an issue that multiple devices are trying to use port 4500? In my experience - port sharing isn’t great for NAT. It is almost like every other packet would go to a black hole (or other network device)
I have a pair of Microcells on our network. I have used the following configuration to ensure both devices uses a specific WAN connection. This has worked for me since firmware 6.1.x.
I have the Microcells connected to a switchport configured as part my VoIP VLAN. My outbound policy includes a rule (Priority) directing the VoIP VLAN to use a specific WAN.
1 Like
I hadn’t even thought of adding second mcell. That is a marvelous idea. One mcell is capable of covering my livable space in my house, but just barely - and I am forced to keep the mcell in my central living room in order to do so. As a troubleshooting step, I have moved it into my office which leaves the other side of the house absent of coverage.
Adding a second mcell would help with covering my living areas without needing to put another device in the living room.
Have you had any troubles with signal interference between the two mcells? Did AT$T give you a hard time about having multiple? Are there any kwirks using the ATT management utilities with multiple devices? Or is it just set it and forget it?
Thank you for your post. It made a lightbulb turn on over my head. 
