MikeThatPhoneGuy
Programmer
I have been trying to interface a 9608G (firmware v6.6.401) to a Cisco RV042G VPN Router (firmware v4.2.3.10) for some time.
The phone VPN setup and the router IKE setup match (PSK, DH2, 3DES, SHA1, etc.).
When trying to connect, the phone times out (13 seconds, "IKE Phase 1 failure" after DHCP, Exch keys, etc.).
A Wireshark trace of the packets from the phone shows that it is proposing the correct IKE1 parameters with the exception of the SA LifeTime. It proposes 432000 seconds. The Cisco router responds that no proposals are accepted. The maximum SA LifeTime for IPSEC on the RV042G is 86400.
I added a 46xxsettings.txt file to my IP Office using Manager, changing the IKEPxLIFESEC lines from 432000 to 43200 as follows:
## NVIKEP1LIFESEC specifies the proposed IKE SA lifetime in seconds.
## Valid Values: 3 to 8 ASCII numeric digits, "600" through "15552000"
SET NVIKEP1LIFESEC 43200
##
## NVIKEP2LIFESEC specifies the proposed IPsec SA lifetime in seconds.
## Valid Values: 3 to 8 ASCII numeric digits, "600" through "15552000"
SET NVIKEP2LIFESEC 43200
I disabled the VPN in the 9608G and connected the 9608G to the LAN. The phone appeared to download the settings file (it took a little while) and then connected to IP Office and functioned properly.
I restarted the 9608G, entered setup mode (*27238#), reenabled the VPN, checked the rest of the VPN settings and restarted the phone (EXIT, EXIT). It failed to connect to the VPN. Wireshark analysis shows that it is still requesting an SA LifeTime of 432000 seconds, NOT 43200 seconds!
How do I permanently change the 9608G's NVIKEP1LIFESEC and NVIKEP2LIFESEC values within limits acceptable to the RV042G?
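
The lifetime check described in the post, as an added example that is not part of the original post: a decoder for IKEv1 Phase 1 transform attributes (RFC 2408 data-attribute encoding, RFC 2409 attribute numbers) that flags a proposed SA lifetime above the responder's maximum. The attribute bytes are constructed here, not taken from the poster's capture; the 86400 limit is the RV042G figure quoted above, and `parse_attributes`, `lifetime_problem` and `build_sample` are names chosen for this example.

```python
import struct

# IKEv1 Phase 1 attribute numbers (RFC 2409, Appendix A)
ATTR_NAMES = {1: "encryption", 2: "hash", 3: "auth_method",
              4: "dh_group", 11: "life_type", 12: "life_duration"}
LIFE_TYPE_SECONDS = 1
RESPONDER_MAX_LIFESEC = 86400  # assumption: RV042G maximum as quoted in the post


def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (RFC 2408, section 3.3)."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", data, off)
        off += 4
        if raw_type & 0x8000:      # AF=1: TV form, the field is the 16-bit value
            value = field
        else:                      # AF=0: TLV form, the field is the value length
            if len(data) - off < field:
                raise ValueError("truncated attribute value")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        attr_type = raw_type & 0x7FFF
        attrs[ATTR_NAMES.get(attr_type, attr_type)] = value
    return attrs


def lifetime_problem(attrs: dict, max_sec: int = RESPONDER_MAX_LIFESEC):
    """Return a description of the lifetime mismatch, or None if acceptable."""
    if attrs.get("life_type") != LIFE_TYPE_SECONDS or "life_duration" not in attrs:
        return "no lifetime in seconds proposed"
    if attrs["life_duration"] > max_sec:
        return f"proposed {attrs['life_duration']}s exceeds responder maximum {max_sec}s"
    return None


def build_sample(lifesec: int) -> bytes:
    """Constructed transform: 3DES (5), SHA1 (2), PSK (1), DH group 2, lifetime."""
    head = b"".join(struct.pack("!HH", 0x8000 | t, v)
                    for t, v in ((1, 5), (2, 2), (3, 1), (4, 2), (11, 1)))
    return head + struct.pack("!HHI", 12, 4, lifesec)  # TLV with 4-byte duration


if __name__ == "__main__":
    for lifesec in (432000, 43200):  # value seen on the wire vs. value in the settings file
        print(lifesec, "->", lifetime_problem(parse_attributes(build_sample(lifesec))))
```

A value of 432000 does not fit in 16 bits, so it can only appear in the variable-length (TLV) form, while 43200 may be sent in either form; the decoder accepts both.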