VPN Phones + Watchguard Firebox success stories?

Status
Not open for further replies.

IPOJIM

Technical User
Oct 17, 2006
96
US
A customer has an older Watchguard Firebox X500 Firewall/VPN Appliance and I was wondering if anyone had any luck programming these with a remote VPN phone such as a 5610SW? This will be hooking to a 406V2 with the latest 4_2 binaries and VPN enabled IP phone binaries. I'd love to put in a NetGear which I've had success with, but they have plenty of port entries for Citrix and the like which they or we are a little concerned about replicating on the NetGear. We think they need licenses for RUVPN purchased and maybe an OS upgrade for it for starters.
 
I have successfully installed VPN phones with a Watchguard X550e Firebox that is running 10.2.3. The X550e is licensed with Fireware Pro with up to 25 VPN IPSEC clients. What I have done is create a new VPN client group for the IP phones and enter the users with the phone's serial number or MAC address.

On the phone, once the VPN firmware is loaded, you set up the phone using the profile "Juniper Xauth with PSK"
settings:

Server: IP Address of the Firewall
username: MAC or Serial or whatever
password: enter the password you created for the user in the Firebox
Group Name: VPNPHONE or whatever group you created
Group PSK: The PSK you created for the group
VPN Start Mode: Boot
Password type: Save in Flash
Encapsulation: 4500-4500
Syslog Server: Blank
IKE Param.: USER-FQDN
DH Group: 2
Encryption Alg.: Any
Authentication Alg.: Any
IKE Xchg Mode: Aggressive
IKE Config Mode: Enable
XAuth: Enable
Cert Expiry Check: Disable
Cert DNCheck: Disable

dphoneguy24
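
The profile in the post above, run through a small audit script, as an added example that is not part of the original thread or of any Avaya or Watchguard tooling. The server address and PSK in the sample are constructed placeholders, and the findings cover only general IKEv1 properties, not what either device supports.

```python
import re

# Constructed sample: the settings from the post, with placeholder secrets.
PROFILE = """\
Server: 203.0.113.10
Group Name: VPNPHONE
Group PSK: EXAMPLE-PSK
Password type: Save in Flash
Encapsulation: 4500-4500
DH Group: 2
Encryption Alg.: Any
Authentication Alg.: Any
IKE Xchg Mode: Aggressive
XAuth: Enable
"""

def parse_profile(text):
    """Turn 'Label: value' lines into a dict keyed by lower-cased label."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and value.strip():
            settings[label.strip().rstrip(".").lower()] = value.strip()
    return settings

def audit(settings):
    """Return (label, finding) pairs for choices that weaken the tunnel."""
    findings = []
    # Tolerate the one-g spelling of "Aggressive" that often gets typed.
    aggressive = re.match(r"ag+ressive", settings.get("ike xchg mode", ""), re.I)
    if aggressive and "group psk" in settings:
        findings.append(("ike xchg mode", "aggressive mode sends a PSK-derived hash "
                         "unencrypted, so the PSK must be long and random"))
    if settings.get("dh group") in {"1", "2"}:
        findings.append(("dh group", "groups 1 and 2 are 768/1024-bit MODP; "
                         "use 14 or higher if both ends support it"))
    for label, value in settings.items():
        if label.endswith("alg") and value.lower() == "any":
            findings.append((label, "'Any' leaves the choice to negotiation; pin it"))
    if "flash" in settings.get("password type", "").lower():
        findings.append(("password type", "XAuth password is stored on the phone; "
                         "disable that user on the firewall if a phone is lost"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(parse_profile(PROFILE)):
        print(f"{label}: {finding}")
```
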
 
I have also had success at doing this. I had the same settings as dphoneguy24.

Fonedoc

 
Thanks for the detailed instructions dphoneguy and fonedoc, we should be trying this out later this week. Appreciated!
 
I have an Avaya 4621SW IP phone that I'm testing from my house and would like this to connect to our company's IP500 PBX via IPsec VPN.

Are there any TCP ports to open in my home broadband router to get the Avaya 4621SW IP phone VPN to work?
At the office, we have a Watchguard X550e running Fireware 10.2.7. There's only 1 mobile VPN IPSEC policy, and remote users can VPN to the office without any problem using their home PC.

We've installed VPN phone licenses in our IP500 PBX already.

When trying to connect the Avaya IP phone from home, this message appears on screen:

Time Elapsed: 89 seconds
'Exchanging keys
server: ip address of company gateway
Encapsulation Method: 0

and then a second screen appears:

"UNKNOWN VPN SETUP ERROR"

I have used the same settings that dphoneguy24 used above.
Is there anything that needs to be done still at the Watchguard side, home router, or IP Office IP500 (4.2)?
 
I have been struggling with this. I have created a group VPNPHONES and set up the IPSEC settings to match the above posts. I created a user account for the phone. These are all done locally on the phone.

On the VPN phone I matched the config above and I hang at exchanging keys. In the Watchguard logs it shows Phase1 as completed, but the phone stays at exchanging keys until it gives an Unknown VPN error.

Any thoughts on what I could possibly be doing wrong?

 