Avaya - Sonicwall VPN issue


jimbo1007

Technical User
Dec 22, 2013
Hi,

I have a 9620 handset which works fine locally, but when I try and use it at the remote site it is just trying to discover the phone system address and will not connect. There is a Sonicwall between the 2 sites and I can ping the IP Office at the main site from the remote site. Any ideas?

TIA,
 
I just saw the IP address that was put for gateway. I take it it's the main IP address that I put for gateway then?

Also is metric 0? and should I tick proxy ARP?
 
The gateway is the router that you use to leave your network, the default gateway that your PCs/servers use, the metric and proxy just leave :)

 
And for the record, all of this is available in the help files, (F1 -> IP routes) [smile]

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
I have followed all of the above information. Now I'm back at the remote site, I cleared the phones as they were still saying discover 192.168.168.121 (the system IP) and re-entered the call server IP. It just restarts and goes back to discover, but when I enter menu then craft it shows all of the other fields are populated, it gives the phone an IP address etc.

I think I will just configure the h323 extensions over their guest broadband and forward the ports for h323. Much easier than messing about with these sonic walls.
 
@Gunnaro shouldn't it be 192.168.0.0 then 255.255.0.0 then the local gateway then the port LAN1 or 2? for this to work.
Mike
 
@teletechman:
255.255.0.0 would be Class B network. (I'm assuming OP has configured this 192.168.0.0/24, not 192.168.0.0/16)
In this particular case, the IP route's last two octets are .0.0, so the bitwise AND'ing would then match for 192.168.xxx.yyy.
It would work, but you open up more in one blow.

@Jimbo:
Port forwarding will be even worse. You clearly have some issues in that network, so taking the time to fix it now would save you lots of headache in the future [smile]

- You can ping the GW from the other side, right?
- Did you uncheck "Enable H.323 Transformations" on the VoIP tab, on both Sonicwalls?
- Have you rebooted the sonicwalls too? (It does not take any changes while the tunnel is up.)
- Are there any custom rules on the Sonicwalls? (That could throw the traffic in the wrong direction.)

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
@ Gunnaro:
There are no rules on the sonic walls and all ports are open. H323 transformations are unchecked on both sides. Both have been rebooted. This is all according to the network engineer but he seems like he knows his stuff.

Both routers, all work stations and even the handsets can be pinged from both sides.

@Riddle:
There was only the default IP route configured on the system and I was able to ping the IP Office from the remote site.
I am not too sure what the following means:
'Are you sure they aren't on the same subnets and you are in fact pinging something local? What does your ARP cache say the MAC is that's responding?'

But both IP addresses are on the same subnet.

I am sure I will get to the bottom of this. The first thing I am going to do tomorrow is take Riddle's advice and check if SSA is logging the IP address of the handsets.

If anyone else can provide any advice it will be most appreciated.

TIA,
 
A couple of other things,

- reset the phone, dial MUTE + 27238 (CRAFT), scroll down to CLEAR phone and select OK.

- does the phone get the software upgrades? (Look closely during boot.)

- can you connect with Manager, Monitor or SSA from the external site?

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
Thanks for this Gunnaro.

I will try the above shortly. I have tried to ping from my laptop at the remote site and that could not ping anything on the other side.

I have disabled my firewall and then went to Google Chrome, and then after going to proxy settings it asked me to download a Sonicwall enforcer package which works through McAfee. I can now access the Internet and ping the system on the other side.

I am sure there is something which needs to be done on the handsets or the sonicwall to allow them access just like I had to do on the laptop.

 
I find the Sonicwalls tricky, so I stick to Cisco, Juniper and Watchguard. Makes my day a lot easier.

My money is on the firewall config, but you got me a bit worried now....Have you made the system accessible from the internet?
(easy to check, go somewhere off premises, launch Manager and scan the public IP of the GW. If you see the IPO, you did something you shouldn't)

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
I am almost positive the system cannot be accessed from the public internet. I will check this when I get home but I am almost certain this is not possible.

The only other thing I can think of is that I would need to change something in the 96xxvpn.txt which Ayking mentioned in a previous thread about the sonic wall or I was thinking maybe I need to change something on the Avaya IP Office in network topology?

Apart from that I am stumped. I have lost confidence in the network engineer here as I don't think he knows too much about the Sonicwall, so I think I'll have a go at finding a Sonicwall forum.

Many thanks for your help,
 
I have left the network engineer red faced as he has now had to admit to the customer it was the firewall policies. Finally I am getting somewhere. Thank you for all the help
 
It's always the network! [smile]

Red face is good, then he learnt something today.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 
The 96xxvpn.txt is used when the phone is actually outside of the network on the Internet and needs to do a VPN into the Sonicwall for connectivity. In your case, if you have 2 Sonicwalls at the sites, you should have a site-to-site VPN that handles all the VPN/network side of things (that's the network engineer), and you should just worry about setting the call server IP on the phone (no VPN) and the correct IP route on the IPO for the remote network.

For example, if your network is like this:
IPO network: 192.168.11.0/24
IPO network Sonicwall gateway: 192.168.11.254
Remote network: 192.168.21.0/24

Then the IP route in your IPO should be:
IP address: 192.168.21.0
IP Mask: 255.255.255.0
Gateway IP address: 192.168.11.254
Destination: LAN1/LAN2 depends on your network
Metric: 0
Proxy ARP: Unchecked

Hope this helps.
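The route settings discussed in this thread can be sanity-checked before they are entered in Manager. The following is an added example, not part of the original posts and not Avaya or SonicWall tooling: it checks a static route against the example addressing above and compares how much address space a /24 and a /16 route expose. The phone address 192.168.21.50 and the function names are constructed for illustration.

```python
import ipaddress

def check_route(dest, mask, gateway, local_net, phone_ip):
    """Return a list of problems with a static route (empty list = OK)."""
    local = ipaddress.ip_network(local_net)
    gw = ipaddress.ip_address(gateway)
    phone = ipaddress.ip_address(phone_ip)
    try:
        # strict=True rejects a destination that has host bits set for this mask
        route = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError:
        return [f"{dest} is not a network address for mask {mask}"]
    problems = []
    if gw not in local:
        # The next hop must be reachable directly on the IPO's own LAN
        problems.append(f"gateway {gw} is not on the local LAN {local}")
    if phone not in route:
        problems.append(f"route {route} does not cover phone {phone}")
    if phone in local:
        # Same subnet at both sites: the destination looks on-link, so the
        # sender ARPs for it locally instead of using the gateway
        problems.append(f"phone {phone} falls inside the local LAN {local}")
    return problems

def route_breadth(dest, mask):
    """Number of addresses a route sends towards the gateway."""
    return ipaddress.ip_network(f"{dest}/{mask}").num_addresses

if __name__ == "__main__":
    lan, gw = "192.168.11.0/24", "192.168.11.254"   # values from the post above
    phone = "192.168.21.50"                          # constructed sample address
    for dest, mask in [("192.168.21.0", "255.255.255.0"),
                       ("192.168.0.0", "255.255.0.0")]:
        print(dest, mask, check_route(dest, mask, gw, lan, phone),
              route_breadth(dest, mask), "addresses")
    # Overlapping site subnets: a phone addressed inside the IPO's own /24
    print(check_route("192.168.21.0", "255.255.255.0", gw, lan, "192.168.11.60"))
```

Both the /24 and the /16 route pass the checks, but the /16 forwards 65536 addresses to the gateway instead of 256, which is the wider exposure mentioned earlier in the thread.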

 