Hello All,
I am trying to use the built-in VPN on the 96XX series sets (tested on a 9608, 9611, and 9621), with a Cisco RV320 Dual WAN VPN Router.
I've scoured the web trying to find a resolution to my issue, but I can't seem to find anything. I have configured the VPN settings on the RV320 like for like with the Avaya documentation, and with the phones as well. The phone will boot up, grab DHCP from my local network, it exchanges keys, and establishes a tunnel, attempts to contact call server, and then a second or two later sits at "Discover XXX.XXX.XXX.XXX" (IP of the IP Office).
I've looked through the VPN appliance logs, and I can see the tunnel establish, and no errors, but the tunnel drops after 60 seconds or so (Dead Peer Detection I'm assuming). The VPN puts the phone into a Virtual IP Range, and I have confirmed the phone replaces its IP address with an IP from this range after the tunnel establishes.
I've tried on 3 different 96xx model sets, just to confirm, but the problem remains the same. I thought it was a routing issue on the RV320, but I can see it build the routes in the VPN log, and the routing table, but removes them once the tunnel disconnects after the minute or so. I have tried to ping the Virtual IP of the phone while the tunnel is up; from a PC on the VPN, and from the IP Office, but no replies.
If anyone has any ideas, I'm all ears. I'll put the config I'm using below.
CISCO RV320 SETTINGS:
(Client to Gateway - Easy VPN)
-Tunnel Name: AvayaPhones
-Password: XXXXXX <--- example Pre-Shared Key
-Interface: WAN1
-Enabled
-Tunnel Mode: Full Tunnel
-IP Address: 192.168.1.0 (Not configurable with full tunnel)
-Subnet Mask: 255.255.255.0
-Extended Authentication: Default-Local Database
(I have configured the Username & Password in User Management)
AVAYA 96XX SETTINGS:
>ADDR Settings:
-Phone(IPV4): Picked up from Local DHCP (changes to VPN virtual IP after tunnel establishes)
-Call Server: 192.168.1.250
-Router: 192.168.137.1 (From Local DHCP)
-Mask: 255.255.255.0 (From Local DHCP)
-HTTP Server: 192.168.1.244 (PC on VPN running HTTP Server)
>VPN Settings:
-VPN: Enabled
-VPN Vendor: Cisco
-Gateway Address: WAN IP of Gateway
-External Phone IP: 192.168.137.35 (From Local DHCP)
-External Router: 192.168.137.1 (From Local DHCP)
-External Subnet Mask: 255.255.255.0 (From Local DHCP)
-External DNS Server: 192.168.137.1 (From Local DHCP)
-Encapsulation: 4500-4500
-Copy TOS: No
-Auth Type: PSK with XAUTH
-VPN User Type: Any
-VPN User: USERNAME CONFIGURED IN USER MGMT ON CISCO BOX
-Password Type: Save in Flash
-User Password: PASSWD CONFIGURED IN USER MGMT ON CISCO BOX
-IKE ID (Group Name): AvayaPhones
-Pre-Shared Key (PSK): PSK CONFIGURED ON CISCO BOX IN VPN SETTINGS
PHASE 1:
-IKE ID Type: KEY_ID
-IKE Xchg Mode: Aggressive
-IKE DH Group: 2
-IKE Encryption Alg: ANY
-IKE Auth Alg: Any
-IKE Config Mode: Enabled
PHASE 2:
-IPsec PFS DH Group: 2
-IPsec Encryption Alg: ANY
-IPsec Auth Alg: ANY
-Protected Network: 0.0.0.0/0
-IKE Over TCP: NEVER
------
Phones were all upgraded to 6.6 via HTTP Server beforehand.
Any suggestions?