Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IP Office > 9620L VPN phone, using Juniper SSG

Status
Not open for further replies.
hendersen

hendersen

Technical User
Jan 25, 2011
24
0
0
ID
Hi,

i trying to set up 9620L VPN Phone to ip office, and using Juniper SSG as security gateway.
i followed the step from link below :

but when setup the vpn tunnel, it failure with details :
IKE Phase 2 no response

anybody can help ?
 
Sort by date Sort by votes
Nope, the one you have is for the CM and i posted the ipo doc.
I have done it once in the past woth a SSG5 and it works great.
Never had any issues with it.


BAZINGA!

I'm not insane, my mother had me tested!
 
Upvote 0 Downvote
ups, sorry, you're correct.
but we already had that docs, and followed the steps.
the phone still failure when build vpn tunnels, with error :
IKE Phase 2 no response.
do you know what settings we miss/fault ?

here below are the contains of 96xxupgrade.txt :

SET MCIPADD
SET NVVPNMODE 1 (VPN enable)
SET NVVPNCFGPROF 5 (JNPR_PSX_AUTH)
SET NVSGIP "202.77.115.183" (IP Public Juniper SSG)
SET NVVPNENCAPS 0 (4500-4500)
SET NVVPNCOPYTOS 1 (Yes)
SET NVVPNUSERTYPE 1 (any)
SET NVVPNUSER "tom"
SET NVVPNPSWDTYPE 1 (Save in flash)
SET NVIKEID "vpnphone@avaya.com"
SET NVIKEPSK "1234"
SET NVIKEIDTYPE 3 (USER-FQDN)
SET NVIKEXCHGMODE 1 (Aggressive)
SET NVIKEDHGRP 2
SET NVIKEP1ENCALG 0 (Any)
SET NVIKEP1ENCALG 0 (Any)
SET NVIKECONFIGMODE 1 (enabled)
SET NVPFSDHGRP 2
SET NVIKEP2ENCALG 0 (Any)
SET NVIKEP2AUTHALG 0 (Any)
SET NVIKEOVERTCP 0 (Never)
SET IKEP2LIFESEC 432000
SET VPNCODE "876"
SET PROCPSWD 27238
SET VPNPROC 2
 
Upvote 0 Downvote
TRy removing the lifetimes out of it (you need to clear the phone because it will remember those settings)
Also use a password with 8 or more characters.
I have seen issues with password shorter then 8.


BAZINGA!

I'm not insane, my mother had me tested!
 
Upvote 0 Downvote
tlppeter - could you help us by send your 96xxupgrade.txt ?
we still stuck with IKE Phase 2 no response.
thanks be4.
 
Upvote 0 Downvote
Phase 2 then the settings for the Juniper routing of the phone connection with the CM are not correct.

Phase 1 is the construction of the tunnel
Phase 2 is device authentication alert by tunnel

My File :

ET NVIKEDHGRP 2
SET NVIKEID "GroupVPN"
SET NVIKEIDTYPE 2
SET NVIKEOVERTCP 0
SET NVIKEP1AUTHALG 2
SET NVIKEP1ENCALG 2
SET NVIKEP2AUTHALG 2
SET NVIKEP2ENCALG 2
SET NVIKEPSK "password"
SET NVIKEXCHGMODE 1
SET NVIPSECSUBNET 192.168.25.0/24
SET NVPFSDHGRP 2
SET NVSGIP "255.255.255.255"
SET NVVPNAUTHTYPE 3
SET NVVPNENCAPS 0
SET NVVPNSVENDOR 4
SET NVXAUTH 2
SET NVHTTPSRVR 192.168.0.26
SET NVMCIPADD 192.168.25.1
SET NVIKECONFIGMODE 2
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

K
  • Question
96xx IP Phone not update.
Replies
7
Views
335
derfloh
derfloh
g00s3
  • Locked
  • Question
Avaya IP office PRI through VPN 1
Replies
5
Views
112
g00s3
g00s3
Dimorus
  • Locked
  • Question
ip office 406 and ip office 400 analog phones (downgrade)
Replies
4
Views
106
ipohead
ipohead
icet500
  • Locked
  • Question
Yealink IP phone and IP Office R11 directory/contacts !!! 5
Replies
11
Views
190
TomMills
TomMills
Abdul manaf
  • Question
Avaya IP Office Web Manager
Replies
2
Views
233
derfloh
derfloh

Part and Inventory Search

Sponsor

Back
Top