I recently replaced BCM 400 phones with an IPO412. The network and VPN have not changed. (VoIP no longer works).
I have an IPO412 with Checkpoint VPN issues. If I connect a 5610 or a soft phone on the local network, everything works perfectly normally.
Once I put the 5610 on the outside of the firewall it stops working properly. It will download the bin files from the TFTP server and then fail at 99%.
I installed Manager at the remote location and pointed the 5610s at the local one to download the TFTP files from the local machine, and I have the same result.
Does the 5610 Avaya IP phone communicate securely with the IPO 412?
Turn phone on / set up IP info / download files / asks for extension / asks for password / screen goes blank and will not proceed. (Take the phone and plug it into the IPO and it is fine.)
VPN SETUP:
Here is the info about our CheckPoint products:
Main office Markham location: Firewall/VPN UTM device, Version NGX R65 running on Secure Platform version R65 which is installed on an IBM x335 server.
Remote office locations: Firewall/VPN EDGE device, firmware version 7.0.33. Those are small boxes from Checkpoint. Between all those sites we have permanent VPN tunnels with NAT disabled between those networks.
Site A
IPO412 (Avaya Server - Gatekeeper/Gateway) behind Checkpoint FW UTM NGX R65 (FW A) - main office.
Site B
5610SW IP (Avaya Client B) behind Checkpoint VPN EDGE ver 7.0.33 (FW B) - remote office
Site C
5610SW IP (Avaya Client) behind Checkpoint VPN EDGE ver 7.0.33 (FW C) - remote office
Site A / Site B / Site C are members of a mesh VPN community over the Internet. All the tunnels between those sites are defined as permanent tunnels.
No NAT is involved between those LANs.
When I'm trying to connect Avaya client B or C to the Avaya server, some of the packets are dropped by FW A. I took a look at the drop reason and it says: "H323 reason: Malformed H.225 message"
That means the packet is either malformed, or the Checkpoint FW A detects the packet as malformed because it is not 100% complying with the specific RFC for the H323 series of protocols.
I already opened a ticket with Checkpoint and they specified that it is a known incompatibility between Avaya IP phones and Checkpoint products!!!
They will try to guide me to a workaround, but they told me that Avaya might already have a workaround, as they will try to accommodate their product in a Checkpoint environment.
I have TFTP logs and syslogs for the 15-minute periods of registration attempts.
Please let me know if you have any ideas.
Thanks