Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Connecting 9608 Remote Sets options 3

Status
Not open for further replies.

Hankb1982

Vendor
Aug 3, 2013
8
US
Well I have been trying to avoid this, but it fell in my lap.
I have a customer with an IP Office 500 V2 10.0.0.4.0 Build 5 Essential Edition
The previous vendor sold then 3 each 9608 sets for Remote VOIP
Along with 3 endpoint licenses

Site A is where the IP 500 is at
And Site B is the Remote site where the 3 phones will be located

I have never before attempted to do any type of Remote sites
And have always used another Vendor when something like this was above my head
However, he decided to get out of the business all together
I myself have only been doing local IP systems


Site A has a Spectrum Modem that is in Hybrid mode and we have a Public Static IP address to use
There is no router on site and they are just using DHCP from the modem. Only a total of 6 wired devices on site
Everything else is using WiFi. Even the printers
Still trying to verify with Spectrum if they are using any WiFi from the Spectrum modem. I don't think they are. There is another AP device connected


Site B has a Spectrum Modem with just DHCP enabled on it where the Remote phones will be
They also have a POE Switch for me to use

Looking for advice to set this up. And since I have never done this before. I wouldn't mind paying another vendor in the San Antonio / Austin area to do this for me
Both sites are in Austin TX

Thanks in advance
 
Get a pair of Sonicwalls (or similar) and build a VPN tunnel between the sites.

 
On your firewall/router port forward ports 1719 UDP and 1720 TCP to the IP Office IP address.
Also, port forward RTP ports range 49152 thru 53246. If the range is too large, then use 10 or 20 of those ports only.
In Manager go to System/LAN1/VOIP and make sure H323 Gatekeeper is enabled. Also, make sure H323 Remote Extension Enable is checked.
Then in System/Network Topology fill the Public IP Address field and set up the Firewall/NAT Type field with the Static Port Block setting. These changes will require a reboot.
Then after the system reboot, in Manager go to the user and checkmark 'Enable Remote Worker'.
Also, go to Extensions and put a password there.
On the phone side, reboot the phone and when you see Program *, press the * (star) and enter the password CRAFT of 27238#
Then go to ADDRR and enter on the Call Server and HTTP Server fields enter the public IP address go Back and Exit to reboot.
The phone will reboot and if everything is set up properly, it will start downloading the files. At the very end will ask for the Extension and Password.

Good Luck.
 
All hackers in the world would be very happy if you do it this way...

Free phonecalls from now on...

 
That RTP range hasn't been default in IPO since 9.0 due to the fact that it opens access to management.

"Trying is the first step to failure..." - Homer
 
Thanks for the info guys
Going to use the VPN as recommended
Their IT guy says that we only need One Sonic Wall at the IP 500 Site where the Static IP is
And I'm thinking to myself that you need one on each end for Open VPN since the phone side does not have a Static IP Address
Which one of us is full of BS?
 
A single SonicWall at the site with the IP 500 and the static IP address. Make sure the local subnet is something that won't be used at the remote site(s). Program the "GroupVPN" on the SonicWall and the VPN settings in the phone.
 
Ok
I took your advice Touch Tone Tommy
I got the SonicWall up and running at the IP 500 site
Have a Phone connected at the remote side
Came up and asked for extension and password. Which I entered
Then just stays in Discover with the LAN IP address of the IP 500 showing
Just noticed that you said to enter VPN settings on the phone
I enabled VPN
VPN Vendor is set as other
Then it asked for Gateway Address. Is this the Router Public Gateway or what?

And my Data guy is asking me if any ports need to be forwarded.

Thanks
 
No port forwarding.
Disable H.323 Transformations on VoIP > Setting of SonicWall

SonicWall Group VPN
General
Authentication Methood: IKE using Preshared Secret
Name: WAN GroupVPN
Shared Secret: {Password (PSK) goes here}​
Proposals
IKE (Phase1)Proposal
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
LifeTime (seconds): 28800
Ipsec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: UNchecked
Life Time(seconds): 28800
Advanced
Everything is UNchecked
Default Gateway: 0.0.0.0
Allow Unauthenticated VPN Client Access: LAN Subnets
Client
Everything is UNchecked
Cache XAUTH User Name and Password on Client: Never
Virtual Adapter settings: None
Allow Connections to: Split Tunnels


Avaya 9608 phone
VPN: Enabled
VPN Vendor: Juniper\NetScreen
Gateway Address: Public IP address of SonicWall
External Phone IP Address: 0.0.0.0
External Router: 0.0.0.0
External Subnet Mask: 0.0.0.0
Encapsulation: 4500-4500
Copy TOS: No
Auth Type: PSK
IKE ID (Group Name): GroupVPN
Pre-Shared Key (PSK): Password (PSK) from SonicWall
IKE ID Type: Key_ID
IKE Xchg Mode: Aggressive
IKE DH Group: 2
IKE Encryption Alg: 3DES
IKE Auth Alg: SHA-1
IKE Config Mode: Disabled
Ipsec PFS Group: No PFS
Ipsec Encryption Alg: 3DES
Ipsec Auth Alg: SHA-1
Protected Network: a.b.c.0/24 (Subnet and mask of IP Office)
IKE over TCP: Auto

Set Call Server and HTTP Server to Internal IP address of IP Office (ADDR section of Craft menu)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top