IPsec tunnel up, but not i2004 1

[chrisrudeau]

I currently have a contivity 1010 setup at hq and a contivity 1050 at a home. I created an IPsec tunnel that appears to be working correctly.

From the house (a 192.168.1.x network) I can open an IE window and type in 192.168.2.2 (server at HQ private address) and it pulls up the server. But I can't pull at the BCM, 192.168.2.254. the .254 is the bcm's published address. At hq I can open IE and type in the .254 address and it pulls up the BCM GUI. Is there something I am missing here??

The I2004 at the house won't connect to the bcm when it is dhcp. It can't locate the sever. If I manually set it to a 192.168.2.x address I get an IP Address Conflict. Even though I know that IP isn't used.

 

[3Sixty]

First question

Have you set the default gateway on the office network on the BCM?

Second Question

Have you configured the IP phone to use partial DHCP?

There is a diagram on my website under FAQS that should help.

Marshall

http://www.nortelsupport.net

 

[BlackCuervo]

In the BCM under Services go to IP Routing and create a Static Route in LAN 1 (Your published IP address for IP Telephony) try this one:

0.0.0.0
0.0.0.0
192.168.2.13 (The Contivity's private LAN port)

I think this will help.

 

[chrisrudeau]

BlackCuervo, that did it. Phone came right up once i entered that into the BCM.

Now the next part of my project is to implement this at all the salesguys homes.

I'm thinking that the 1050's should be in between the dsl/cable modems and their linksys routers. My only concern with this is ports getting blocked by the contivities, and that all the home traffic (email, internet) will get pumped through the ipsec tunnel. I really want to configure as little as possible.

Any way to just pub the contivity on the private side of the linksys, enter it into the DMZ of the linksys, and then just the i2004 would be plugged into the contivity?

 

[chrisrudeau]

only issue I see with going on the private side of the linksys is that all of the linksys routers are set to the 192.168.1.X networks. But technically that shouldn't matter because of the linksys NAT and that the private sides of the contivities will all be 192.168.3.X 192.168.4.X and so on.

Any input?

 

[3Sixty]

The other thing you will need to know is the first static route is always removed if the BCM restarts. The other thing you will need in place is if these are lan to lan tunnels you will need the contivity to route tunneled traffice so that the IP phones can ring each other.

Marshall

http://www.nortelsupport.net

 

[chrisrudeau]

the first static route is removed? As in I have to go back into the bcm and reenter what blackcuervo put? That seems odd.

Or does the route just go down because the bcm is down. I'm confused at how the static route would be removed.

 

[3Sixty]

call it a perk.

Marshall

http://www.nortelsupport.net

 

[chrisrudeau]

Well I have that tunnel working at the office now,

This weekend I went home and popped a 1050 into my linksys. I configured the public side of the 1050 to be 192.168.1.53, and the private side of the 1050 is my 192.168.3.xx So I went into the HQ 1010 and setup a network for "Chrishome" and popped in the 192.168.3.xx

I set the public interface to "permit all" and add the gateway into the 1050 (192.168.1.1). And i got internet access through the 1050.

So I did the manage/srv.pq (don't remember know, but the BOQS). I entered my settings into the BOQS screen.

About 3 minutes later I can see on both ends that the tunnel is up. But I can't ping anything at HQ and the I2004 isn't connecting. I can't browse anything at HQ with it's IP address either. However if on the I2004 I try to set it's IP manually to an IP that is on the private side of HQ, I get an IP address conflict even that that address isn't being used.


Any ideas???