BCM 50 Rev 2 & remote sites

mylox

IS-IT--Management
Mar 30, 2006
31
US
Question:

I have a BCM 50 Rev 2 I just installed to replace an old BCM 1000 unit thinking this would fix an old issue I had but no such luck. The issue is on the remote sites. Currently they are set up with D-Link VPN connections to the main office and the phones work great calling out and the ext in the office. The problem is when a remote site tries to call another remote site, it rings but no voice. Page works, voice call does not and ext dialing does not. ONLY remote to remote does it NOT work. I opened up a ton of ports but still no fix. Any ideas?

Ports I opened were:
20000-20255
28000-28255
1719-1719
2216-2219
5000
7000
60000-60001

I got most of those from reading here and on the ports page on the bcm. Your help would be greatly appreciated. If the routers need to be replaced could you all suggest a good alternative that is not crazy money. Thanks in advance!
 
oh also ports 51000-51285

I turned them all off since nothing worked

 
Check your VPN setup. The BCM side needs to be able to see the entire subnet of the remote offices. Each remote office needs to see the subnet of each other office as well as the main site.

Tunnel to Tunnel traffic must be allowed to pass.
 
So basically I need static IPs at the remote sites? I think that is the only way to set that up, is it not? I have Dynamic VPN turned on at the main office so that it doesn't care what IP comes in; as long as it authenticates correctly it creates the tunnel. Or am I missing something easy? I bet I am hehe
 
By subnets, I mean the private subnets at each site. Public IP is irrelevant as long as the tunnels establish.
 
I have found that in addition to the vpn from the remote site to the BCM you need a vpn from one remote site to the other....basically creating a triangle.

Also, the ports need to be open on all three routers.

I have managed the dynamic/static problem by using the built in Dynamic DNS functionality in the routers and then having the vpn tunnels reference the DNS name rather than the static ip address.
 
You don't need a triangle if you build your tunnels correctly.
 
I have built them correctly I am 95% sure but have not been able to resolve this. That triangle thing was the next step I guess unless I can pay you to fix it for me Magna =)
 
Because you are using VPN, you don't need to open ports.

Call central site A, and 2 remote sites B & C. I'm unfamiliar with D-Link, so you'll need to bear with me a bit:

Site A needs to have in its VPN config with Site B:

Local network = Site A subnet, remote network = Site B subnet

Site A needs to have in its VPN config with Site C:

Local network = Site A subnet, remote network = Site B subnet

Site A also needs to allow tunnel to tunnel traffic to pass and all 3 sites must be on different subnets.

Site B needs to have local net = B subnet and remote networks = A & C subnet

Site C needs to have local net = B subnet and remote networks = A & B subnet.

Once you have the tunnels built, a look in the routing tables should show at site B, that site C is accessible through site A. If not, put in a static route or turn on RIP. Same with site C. Once done, you should be able to ping the internal IP of site B from site C and vice-versa.

Once those are tested, you should be good to go with traffic from any host to any other host.
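
Added example, not part of the original thread: a small Python check of the hub-and-spoke layout described above, which follows each site's tunnel remote-network lists hop by hop and reports which site pairs cannot reach each other. The subnets, site names and the simplified model (tunnel selectors only, no NAT or firewall rules) are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed sample values: private subnets for hub A and spokes B and C.
SITES = {"A": "192.168.10.0/24", "B": "192.168.20.0/24", "C": "192.168.30.0/24"}
# (local site, tunnel peer) -> remote networks the local router sends into that tunnel.
TUNNELS = {
    ("A", "B"): ["192.168.20.0/24"],
    ("A", "C"): ["192.168.30.0/24"],
    ("B", "A"): ["192.168.10.0/24", "192.168.30.0/24"],
    ("C", "A"): ["192.168.10.0/24"],  # B's subnet left out on purpose
}

def overlapping_sites(sites):
    """Site pairs whose private subnets overlap (every site needs its own subnet)."""
    nets = {k: ipaddress.ip_network(v) for k, v in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def next_hop(src, dst, sites, tunnels):
    """Peer whose tunnel at src covers dst's subnet, or None if none does."""
    target = ipaddress.ip_network(sites[dst])
    for (local, peer), remotes in tunnels.items():
        if local == src and any(target.subnet_of(ipaddress.ip_network(r)) for r in remotes):
            return peer
    return None

def path(src, dst, sites, tunnels, tunnel_to_tunnel=True):
    """Sites a packet crosses from src to dst, or None if it is dropped."""
    hops = [src]
    while hops[-1] != dst:
        if len(hops) > 1 and not tunnel_to_tunnel:
            return None  # transit site will not forward between tunnels
        nxt = next_hop(hops[-1], dst, sites, tunnels)
        if nxt is None or nxt in hops:
            return None  # no selector matches, or a routing loop
        hops.append(nxt)
    return hops

def unreachable_pairs(sites, tunnels, tunnel_to_tunnel=True):
    """Ordered (src, dst) pairs with no path; one-way failures show up here."""
    return [(a, b) for a, b in permutations(sorted(sites), 2)
            if path(a, b, sites, tunnels, tunnel_to_tunnel) is None]

if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    print("unreachable:", unreachable_pairs(SITES, TUNNELS))
```

A pair that appears in only one direction means traffic flows one way, which on a voice call shows up as ringing with no audio or one-way audio.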
 
I don't think the D-Links are capable of building it this way. Any recommendations on what I should go out and get? Also if it had wireless built in that would be great, if not no biggie.
 
Also if it changes your recommendation, both sites are NOT static IPs
 
Wireless is on the LAN and is not relevant to the VPN. You could re-use the D-Links as APs on your LAN if you want.

For simplicity I would use a BSR222 or VPN router 1010 at the remotes and a VPN router 10X0 or 11X0 (with the stateful firewall code) at the main site. More expensive to purchase, but it will meet your needs. If the remotes are BCM50e, they have the 222 built in (if older release, they are C221).

Either way, it's not too hard to set up. Static IP's are not necessary.

Let me clarify something that I may have missed....are you using softphones at the remote sites or do you have a system at the remotes?
 
Remote sites only have an i2004 phone and a computer at them running D-Link VPN. They both have the advantage of being in a Verizon FIOS area so they are running at 5/2 mps and rock solid.
Main office has the BCM 50 Rev 2 (no router)

So Main office use BSR222 and remotes 10 or 11x0?
 
No. Go with the BSR222 at the remote (cheaper) and a 10X0 at the main.
 
Is there any reason not to buy the 1100 or 1000 off of eBay? Like if they don't have a pw to them can it be cracked etc? I see the BSR222 mfg#NT5S20AAE6 are like 325 - 350 this about right?
 
This is a 1050 I can pick up local tomorrow. Look ok on the config he said it is reset to defaults.

General Software Celeron Embedded BIOS (tm) Version 4.3
Nortel BIOS version 4.3ral Software, Inc.
Nortel Networks Contivity
00000640K Low Memory Passed
00129024K Ext Memory Passed
Wait.....

(C) 2000 General Software, Inc.
Celeron-4.3-6E69-E20E

VxLd 1.2 .......................................................................


Nortel Networks System Boot

Nortel Networks Extranet Access Switch
Copyright (c) 1999-2002 Nortel Networks, Inc.
Boot Image Version: V04_07
Creation date: Apr 22 2002, 14:16:12

auto-booting...
done.

Performing Check Disk on [/ide0/] ...
Copyright (c) 1993-1996 RST Software Industries Ltd. Israel. All rights reserved
ver: 2.6 FCS

Disk Check In Progress ...
total disk space (bytes) : 62,633,984
bytes in each allocation unit : 2,048
total allocation units on disk : 30,583
bad allocation units : 0
available bytes on disk : 43,878,400
available clusters on disk : 21,425
maximum available contiguous chain (bytes) : 23,629,824
available space fragmentation (%) : 47
clusters allocated : 9,158
Done Checking Disk.
Attempting to Load /ide0/system/bin/vxWorks...34616 + 6273152 + 107928
Starting at 0x2000000...

Welcome to the Contivity Secure IP Services Gateway
Copyright (c) 1999-2004 Nortel Networks, Inc.
Version: V05_00.136
Creation date: Aug 20 2004, 15:50:15
Date: 10/06/2007
Unit Serial Number: 3768

Please enter the administrator's user name: admin
Please enter the administrator's password: setup


Main Menu: System is currently in NORMAL mode.

1) Interfaces
2) Administrator
3) Default Private Route Menu
4) Default Public Route Menu
5) Create A User Control Tunnel(IPsec) Profile
6) Restricted Management Mode FALSE
7) Allow HTTP Management TRUE
8) Firewall Options
9) Shutdown
B) System Boot Options
P) Configure Serial Port
C) Controlled Crash
L) Command Line Interface
R) Reset System to Factory Defaults
E) Exit, Save and Invoke Changes

Please select a menu choice (1 - 9,B,P,C,L,R,E):
 
Just bought the unit above local. Is there a way I can update it to the most current firmware or is that it because I can't find it on Nortel's site. I ordered the BSR222 and they are inbound now =)
 
To update will require a service contract with Nortel. Not a bad investment if you ask me because they will also provide the configuration assistance to get the firewall correctly programmed for your needs.
 
Anyone able to program these for me? I don't mind paying of course I just don't know how and nortel is not calling me back those punks!
 