-
5
- #1
IPOfficeGuru
IS-IT--Management
For my Avaya Business partner peers seeking a viable 96xx VPN remote phone solution...
New Sonicwall 5.9 now has IKE config mode process specifically for Avaya IP Phones (and other ike/xauth devices like iPhones etc).
First, in the Sonicwall, under 'Network -> Address Objects', create an 'IP Pool for clients' range of addresses.
(i.e. 'Avaya_Phones', range 192.168.1.10-192.168.1.20), assign this range to the the VPN Zone.
This IP Pool of addresses become the individual virtual adapters, which the Sonciwall assigns to the Avaya phones during the IKE process.
The range should NOT be on the same class 'c' network that the IP Office resides on. It can be any class 'c' you wish to make up.
This is the new part;
Next, in the Sonicwall config, VPN-> Settings ->'WAN Group VPN', under advanced tab, ENABLE 'IKE config' mode checkbox.
Make sure to choose the 'IP Pool for clients' as the 'Avaya_Phones' in the pull down.
As i stated, the 'IP Pool for clients' becomes the virtual adapter which the Sonciwall assigns to the Avaya VPN phone to route traffic.
Also, you will need to create a 'local user' with 'Trusted User' and under the VPN Tab allow access to the LAN Subnets .
The username and password are used in the PSK with XAUTH for the VPN negotiation with phone.
On the Avaya 96xx sets, we have been using the PSK with XAUTH for VPN. Under the phase 2 negotiation make sure you enter the protected network that the IP Office resides on, not the 'IP Pool for clients' you define above on the Sonicwall.
In the last month, we have deployed to 4 customer sites with no issues.
Tech TIP 190 is dated, but provides a good background as to Sonicwall/Avaya phone programming with exception to the new 'IKE Config' feature I have outlined above.
Footnote: We don't recommend utilization of direct H.323 deployments to customers. Too many open ports for safe use.
"Never fear billing a client for services rendered, or they will think your time is worthless"
New Sonicwall 5.9 now has IKE config mode process specifically for Avaya IP Phones (and other ike/xauth devices like iPhones etc).
First, in the Sonicwall, under 'Network -> Address Objects', create an 'IP Pool for clients' range of addresses.
(i.e. 'Avaya_Phones', range 192.168.1.10-192.168.1.20), assign this range to the the VPN Zone.
This IP Pool of addresses become the individual virtual adapters, which the Sonciwall assigns to the Avaya phones during the IKE process.
The range should NOT be on the same class 'c' network that the IP Office resides on. It can be any class 'c' you wish to make up.
This is the new part;
Next, in the Sonicwall config, VPN-> Settings ->'WAN Group VPN', under advanced tab, ENABLE 'IKE config' mode checkbox.
Make sure to choose the 'IP Pool for clients' as the 'Avaya_Phones' in the pull down.
As i stated, the 'IP Pool for clients' becomes the virtual adapter which the Sonciwall assigns to the Avaya VPN phone to route traffic.
Also, you will need to create a 'local user' with 'Trusted User' and under the VPN Tab allow access to the LAN Subnets .
The username and password are used in the PSK with XAUTH for the VPN negotiation with phone.
On the Avaya 96xx sets, we have been using the PSK with XAUTH for VPN. Under the phase 2 negotiation make sure you enter the protected network that the IP Office resides on, not the 'IP Pool for clients' you define above on the Sonicwall.
In the last month, we have deployed to 4 customer sites with no issues.
Tech TIP 190 is dated, but provides a good background as to Sonicwall/Avaya phone programming with exception to the new 'IKE Config' feature I have outlined above.
Footnote: We don't recommend utilization of direct H.323 deployments to customers. Too many open ports for safe use.
"Never fear billing a client for services rendered, or they will think your time is worthless"
