5410 SW VPN Connection

[Goodassistant]

Does this require a vpn hardware on both sites? Or is it possible to make it happen with only 1 vpn router at the site of the ip office?

Thanks

 

[tlpeter]

You could do both.
If you set the 5610 up as a VPN phone then you need to have a license for it.
You need to be at 4.x at least but i am not sure whoch software level it starts.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 

[Goodassistant]

Thanks, i have only the vpn router setup at the office. Setting up a vpn-vpn is cake, but getting the 5410 sw to connect to the vpn is greek to me. I will continue the testing and see if i can get this to work.

 

[amriddle01]

It needs the 5610 IP not 5410 Digital to work and it needs flashing to diferent firmware to work and a licence

ACSS (SME)
APSS (SME)

http://www.ipoffice.tel

 

[tlpeter]

What router do you have ?


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 

[Goodassistant]

We have the RVS4000 setup at the site where the ip 500 running 4.x

 

[Goodassistant]

amriddle, its a 5610 SW Ip phone loaded with the vpn software from the avaya/bin directory. I belive i have 30 days to get a license, but do plan on getting one as soon as i get this to work.

 

[Goodassistant]

Almost there, keep getting error Wed, 2010-06-02 15:24:02 - [VPN Log]: packet from <my ip address>:500: initial Aggressive Mode message from <my ip address> but no (wildcard) connection has been configured

So close, but yet so far

Guess that's why i love my job, always a challenge.

 

[Goodassistant]

I need a little more expertise with this it seems. I setup the vpn at the office on a RVS4000, I can connect to it fine from home with a vpn client or windows vpn, both work fine. But when i try and connect with a 5610 SW IP phone, the phone gives me error IKE Phase 1 no response. On the vpn router log i get the error [VPN Log]: packet from <my ip address>:500: initial Aggressive Mode message from <my ip address> but no (wildcard) connection has been configured. Any tips or tricks i can try from anyone?

Thanks

 

[tlpeter]

You need to setup a ike policy and a vpn policy in the router.
Also you need to setup a user in the router.

You need to have some encryption algorithm in the router.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 

[kholladay]

Just a shot in the dark here but the "no wildcard" part would make me think that there is an issue with the default of 0.0.0.0 in the phone (under protected nets) isn't making the VPN concentrator happy. Perhaps you can change that to the specific network at the host site.

Kyle Holladay
ACSS SME Communications
ACE Implement: IP Office
MCP/MCTS Exchange 2007
Adtran ATSA, Aruba ACMA

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford

 

[Goodassistant]

Ok Thanks for the tip kholladay,

I have updated the settings and now reciving error policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD

I am searching what would cause this error.

Thanks

 

[Goodassistant]

On the setting IKE ID Type, What is this setting exactly? Also the setting IKE ID?

I assume the IKE ID Type should be set to KEY-ID?
and
I assume the IDE ID Type should be set to the Tunnel Name?