96xx VPN

Status
Not open for further replies.

ogTOKYO

IS-IT--Management
Jun 24, 2016
224
US
Hi guys,

I've searched but haven't found decent info on it, and it seems to be a common problem.


I have a user with a VPN phone dropping connection on:
A) extended long idle
B) nightly, URQ error.


I'm assuming it's timeouts; where exactly can I change the timeouts?

Additionally, can I change the lifetime for the VPN on the phone side? Right now it's at 28800, which I think is just default for pretty much every single VPN tunnel.

Thank you!

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||
 
nothing to do with the phone.
My phone at home has been idle for 5 days.
Change the settings on your VPN router.
 
I've checked the settings, they are the same as all the other VPN firewalls I've set up. NO h323 transformation, no SIP ALG. Everything checks out.

 
What version of firmware on the phone? Is it anywhere close to the latest available?
 
Hello Gweb,

It's a 9.0.1, and the FW I believe is running 3.1, they are 96xx.

 
So no solution, just upgrade the phone system?

 
Most likely the VPN settings don't match on both sides, which causes your VPN to be rebuilt during IKE rekey.
VPNs against Cisco ASAs are most sensitive to this but you'll need to check the VPN logs on your firewall when this happens.

"Trying is the first step to failure..." - Homer
 
You are running old software on the IPO and old firmware on the phones. It is possible that an upgrade of both will resolve your issue.
 
Or just go fix it, it's your job I imagine, it's certainly not ours.
Why try to berate us for not spoon feeding you a solution?
Work it out and then tell us what went wrong, that's how the site works :)


 
I'm not berating anyone - it would be obvious if I was, but I've read a lot of threads where the solution is simply just "Upgrade the system", which leads me to believe that Avaya just doesn't work right, period.


VPN settings match perfectly, otherwise they won't connect - the rekeys are set to default, which are 23300 I think. I'd have to recheck the config but pretty sure it is, which is what the network admin is proving to me by providing configs for the SonicWall. I don't have this issue with the VPN phones I've set up before, those of which I've had access to config. Unfortunately this third party IT company will not allow me access and everything takes 2-3 days unless it's absolutely critical tickets... pretty annoying.

 
Early versions of IPO for major releases tend to not work very well. You are running the first service pack for 9.0 when there are now 12 service packs. Yes quite often the solution is to upgrade your system. You are 11 service packs worth of fixes behind the curve.

That is like running Windows 7 with no service packs and having issues but refusing to upgrade your computer.

 
If you're running 9.0.1 then an upgrade is in place even though it doesn't solve the issue.
And VPN settings don't have to match on every setting for the VPN to work, it will just fail during rekey, that's why I said to look in the VPN logs.

Don't understand why people think that phone systems should run on the firmware they came on, you upgrade computer software all the time and I'm guessing your mobile isn't on the delivered firmware.
x.0 of anything is seldom any good, doesn't matter if it's a PBX, computer, gaming console, mobile phone, computer software, car software, network software... hell any software.

"Trying is the first step to failure..." - Homer
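An added example, not part of any post in this thread and not Avaya or SonicWall code: one way to test the rekey theory above is to check whether tunnel uptime before each drop lands on a configured lifetime, and to diff the lifetimes set on each side. The event list, the setting key names and the firewall values are constructed assumptions; 28800 is the phone-side lifetime quoted in the thread.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed tunnel events for illustration (not real firewall log output).
SAMPLE_EVENTS = [
    ("2016-06-20 08:00:05", "up"),
    ("2016-06-20 16:00:02", "down"),  # ~8 h after the tunnel came up
    ("2016-06-20 16:01:10", "up"),
    ("2016-06-21 00:01:15", "down"),  # ~8 h again
    ("2016-06-21 07:30:00", "up"),
    ("2016-06-21 09:12:40", "down"),  # unrelated short session
]

# Hypothetical key names. 28800 is the phone-side lifetime quoted in the
# thread; the firewall values are constructed to show a mismatch.
PHONE = {"ike_lifetime_s": 28800, "ipsec_lifetime_s": 28800}
FIREWALL = {"ike_lifetime_s": 86400, "ipsec_lifetime_s": 28800}


def tunnel_uptimes(events):
    """Seconds between each 'up' event and the 'down' that follows it."""
    uptimes, started = [], None
    for stamp, kind in events:
        when = datetime.strptime(stamp, FMT)
        if kind == "up":
            started = when
        elif kind == "down" and started is not None:
            uptimes.append(int((when - started).total_seconds()))
            started = None
    return uptimes


def drops_at_rekey(uptimes, lifetimes_s, tolerance_s=120):
    """For each uptime, the lifetime it lands within tolerance_s of, else None."""
    return [
        next((life for life in lifetimes_s if abs(up - life) <= tolerance_s), None)
        for up in uptimes
    ]


def lifetime_mismatches(side_a, side_b):
    """Settings whose values differ between the two tunnel endpoints."""
    keys = sorted(set(side_a) | set(side_b))
    return {k: (side_a.get(k), side_b.get(k)) for k in keys if side_a.get(k) != side_b.get(k)}


if __name__ == "__main__":
    ups = tunnel_uptimes(SAMPLE_EVENTS)
    print(ups, drops_at_rekey(ups, [28800, 86400]))
    print(lifetime_mismatches(PHONE, FIREWALL))
```

Drops that repeatedly line up with a lifetime point at rekey; drops that do not (the third one here) point elsewhere, such as idle or NAT timeouts.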
 
"Don't understand why people think that phone systems should run on the firmware they came on, you upgrade computer software all the time and I'm guessing your mobile isn't on the delivered firmware.
x.0 of anything is seldom any good, doesn't matter if it's a PBX, computer, gaming console, mobile phone, computer software, car software, network software... hell any software"


Doesn't help when Avaya's patch notes are pretty poor. I don't disagree, but I also can't force people to upgrade, however, I'll triple check with the IT Comp and have them reverify all the VPNs again. I'll push the upgrade.

 
I have phones ranging from 5610s and 9620s to 9608s connected as VPNs to Sonicwalls. A large number of them will be on versions of software that do not tally with the phone system they are connecting to - for example I took a 9620 VPN phone that was configured back when our in house system was on release 6 and reused it recently on our now release 10 system and it worked without any issues at all.

I do know I have never done anything special on a SonicWall for a VPN phone to work and in fact was able to create a 2 page Word doc for customers explaining the 5 or 6 steps required to configure it on the SonicWall.

| ACSS SME |
 
Thanks for your input Pep, the way I see it, should the tunnel be implemented right, then there should be no problems. It's not rocket science to create GroupVPNs, in a SonicWall, nonetheless. This IT comp hasn't replied since I asked for VPN logs, I wish they could just give me the network reins for this one.

 