Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Best VPN Solution for 9608

Status
Not open for further replies.

dbuxton101

IS-IT--Management
Nov 13, 2013
133
AU
Just wondering if anyone has the built in 9608 VPN client working flawlessly, and what VPN gateway they used.
Just after the best match
 
Well I am biased, but we use Watchguard. little XTM25 is great for small offices.

ACSS - SME
General Geek

 
I have quite a few 9608s working flawlessly to Cisco ASA 5505s
 
oh really!
nnarrnn, are you able to send us your 46xxsettings and ASA configs (minus ip addresses and passwords of course)
 
I normally do the phone VPN configs manually, and I'll get a copy of an ASA config for you.

Here is what I use to setup the phones:

VPN Tab:
VPN Enabled
VPN Vendor: Cisco
Gateway: (Public IP Address of ASA)
EXT Router: 0.0.0.0 (Let DHCP Server of where remote phone is distribute)
Ext Subnet: 0.0.0.0 (Let DHCP Server of where remote phone is distribute)
Ext DNS: 0.0.0.0 (Let DHCP Server of where remote phone is distribute)
Encapsulation: 4500-4500
Copy TOS: No
Auth Type: PSK w/ XAuth
VPN User Type: Any
VPN User: (As you assign in ASA)
Password Type: Save in flash
User Password: (As you assign in ASA)
IKE ID: (As you assign in ASA - the group name)
PSK: (As you assign in the ASA - the group password)

IKE ID; KEY_ID
IKE Xchg Mode: Aggressive
IKE DH Group: 2 (or whatever you programmed for phase 1)
IKE Encryption Alg: Any
IKE Auth Alg: Any
IKE Config Mode: Enabled
IPSec PFSDH Group: 5 (or whatever you use for phase 2)
IPSec Encryption Alg: Any
IPSec Auth Alg: Any
Protected Network: 0.0.0.0/0
IKE Over TCP: Never
 
hairlessupportmonkey said:
I wouldnt use an ASA again. They overheat and their memory dies on them.

Weird. We've deployed probably 1000+ ASA 5505s (and a few 5512-X's), and I think I've only seen one or two come back-which was a bad power supply after a bad storm.
 
We deployed a decent number of them. they dont seem to age well. have replaced most of them with XTM25s from watchguard. most of them are all doing IPSEC tunnels on 24/7....

ACSS - SME
General Geek

 
Interesting.

I found a used Watchguard x15 wifi router/firewall in a building that a client bought. I've been toying with it some. I like it so far.
 
Thanks heaps nnaarrnn,
I will eagerly await your ASA Config.
 
I have a client looking to convert an existing user to 9608 VPN user (employee is moving out of state). They use a cisco asa 5505.

nnaarrnn, any chance you could contact me with the settings/files you used?

John Balzer Jr
VoIP Engineer, Fox Telecom
ACE-IP Office, ACSS, APSS, Convergance+
 
Cisco, Draytek, Technicolour; these are some of the models we have 96-series phones working through.
All we've ever had to configure on the handset
HTTP / HTTPS / CallServ / FileServ with the WAN IP of the main site. As long as all the relevant ports are forwarded on the routers it should be fine.
 
Ruuvan said:
As long as all the relevant ports are forwarded on the routers it should be fine.

So everyone can connect a phone from wherever they want, without any other authentication than the extn and pin code?

Sounds like madness to me.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

2cnvimggcac8ua2fg.jpg
 
nnaarrnn, count me in on that ASA config also, my next step is to get VPN working on these phones,and the only articles I have found deal with cert services etc, looking for a simpler solution.
thanks,
ds
 
Gunnar; it' what has been required of me, so just relaying from my experience.
Can't be sure if it's users moving to offices all over the country or what, but that's how I've needed it setup to work -shrug-
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top