Avaya 9650C VPN to Sonicwall TZ100

Status
Not open for further replies.

FLguy1002

IS-IT--Management
Jan 18, 2011
US
Hello all,

I've been banging my head against the wall long enough, figured I'd see if I'm just missing the solution. For the life of me I cannot get the VPN to set up on the 9650C phone, but have it working on a multitude of other devices (iPads, Android, etc.).

I'm using the L2TP server on the SonicOS 5.3 enhanced on a Sonicwall TZ100 UTM.

I've matched all the settings, but the problem is that it always fails Phase 2. The sonicwall log says that the payload failed verification after decryption, that it's a possible PSK mismatch. To my knowledge the settings match exactly, and since I have other devices, I think it's a peculiarity of the phone itself. Any ideas?

 
Is anything else using the WAN GroupVPN policy on the TZ100? If not, here is what I would recommend.

Authentication Method: IKE using Preshared Secret
Proposals IKE
DH Group: 2
Encryption: AES-128
Authentication: MD5
Life Time: 432000

Proposals IPSec
Protocol: ESP
Encryption: AES-128
Authentication: MD5
Life Time: 432000

Advanced:
Uncheck Require authentication of VPN clients by XAUTH
Allow Unauthenticated VPN Access to: LAN Subnets

Clients:
Allow Connections to: This Gateway Only
Check Set Default Route as this Gateway


Kyle Holladay / IPOfficeHelp.com
ACSS & APSS Avaya SME Communications
APDS Avaya Data
MCP/MCTS Exchange 2007/2010
Adtran ATSA, Aruba ACMA

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford
 
The whole VPN thing makes my head hurt at the best of times, roll on R8 that's all I'll say :)

 
Unfortunately the SIP softphones use the same router (iPhone, etc.).

So the settings are:

IKE using PSK

Phase 1:
DH: 2
Encrypt: 3DES
Auth: SHA1
Life: 28800

Phase 2:
Protocol: ESP
Encrypt: AES128
Auth: SHA1

No PFS
NetBIOS is enabled.
Authentication via XAUTH is required.

It works 'okay' for the iPhone. The only problem is sometimes it'll drop the connection randomly. The log on the sonicwall says that it received a PPP TERMINATE request from the client, which is confusing (but I thought unrelated to my issue).
 
Then on the phone you'll need to use a different profile. I've had good luck with the Juniper profile working with SonicWALL and XAUTH. I have NOT had luck using the Generic profile with XAUTH.

Kyle Holladay / IPOfficeHelp.com
ACSS & APSS Avaya SME Communications
APDS Avaya Data
MCP/MCTS Exchange 2007/2010
Adtran ATSA, Aruba ACMA

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford
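
The two sets of gateway settings quoted in this thread, compared field by field, as an added example that is not part of any post. The phone's VPN profile has to offer what the live gateway policy accepts, and the posts label the same fields differently (`Encrypt`/`Encryption`, `AES128`/`AES-128`), so the values are normalised before comparison. The function names and normalised field names are assumptions made for this sketch.

```python
import re

# Settings copied from the posts above: the recommended GroupVPN policy
# and the policy the original poster says is currently in use.
RECOMMENDED = ["Proposals IKE", "DH Group: 2", "Encryption: AES-128", "Authentication: MD5", "Life Time: 432000",
               "Proposals IPSec", "Protocol: ESP", "Encryption: AES-128", "Authentication: MD5", "Life Time: 432000"]
CURRENT = ["Phase 1:", "DH: 2", "Encrypt: 3DES", "Auth: SHA1", "Life: 28800",
           "Phase 2:", "Protocol: ESP", "Encrypt: AES128", "Auth: SHA1"]

# Map the different labels used in the two posts onto one vocabulary.
SECTIONS = {"proposals ike": "phase1", "phase 1": "phase1",
            "proposals ipsec": "phase2", "phase 2": "phase2"}
KEYS = {"dh": "dh_group", "dh group": "dh_group", "protocol": "protocol",
        "encrypt": "encryption", "encryption": "encryption",
        "auth": "integrity", "authentication": "integrity",
        "life": "lifetime", "life time": "lifetime"}


def parse(lines):
    """Turn 'Key: value' lines grouped under phase headings into a dict."""
    out, phase = {}, None
    for line in lines:
        head = line.strip().rstrip(":").lower()
        if head in SECTIONS:
            phase = SECTIONS[head]
            out[phase] = {}
        elif ":" in line and phase:
            key, value = (part.strip() for part in line.split(":", 1))
            field = KEYS.get(key.lower())
            if field:
                # "AES-128" and "AES128" are the same algorithm
                out[phase][field] = re.sub(r"[\s-]", "", value).upper()
    return out


def mismatches(a, b):
    """List (phase, field, value_a, value_b) wherever the two sides differ."""
    diffs = []
    for phase in ("phase1", "phase2"):
        pa, pb = a.get(phase, {}), b.get(phase, {})
        for field in sorted(set(pa) | set(pb)):
            if pa.get(field) != pb.get(field):
                diffs.append((phase, field, pa.get(field), pb.get(field)))
    return diffs


if __name__ == "__main__":
    for row in mismatches(parse(RECOMMENDED), parse(CURRENT)):
        print(row)
```

Entering the phone profile's values as a third list and comparing it against whichever policy is live on the gateway gives the same per-phase report.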
 