Mitel phones over HArdware VPN

[TeknikL]

Anyone gotten a Mitel IP phone to connect to a ICP200 over a hardware IPSEC vpn? i can ping it but it wont boot, sais Main unavailable.

(Set statically)

Works in the office.

 

[MitelInMyBlood]

As for "static settings" the only thing you should need on the phone is the address of the RTC and TFTP (which should be the same).

We're doing this exact same thing with the 3300 and Cisco 831 DSL routers on the client side running Cisco's IPSEC.

Though not using the Teleworker server, we do set the phone up using the Teleworker settings only so that the phone has the benefit of the much larger jitter buffer that's not available otherwise.

Here's the relevant piece of the router config (key, peer & IP address altered to protect the innocent)

crypto ipsec client ezvpn ezvpn-client
connect auto
group ezvpn key Cgol#vpn1ez
mode network-extension
peer 64.91.212.197
xauth userid mode interactive
!
!
interface Ethernet0
ip address 10.221.238.65 255.255.255.240
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1348
arp timeout 300
no cdp enable
crypto ipsec client ezvpn ezvpn-client inside
hold-queue 32 in
hold-queue 100 out
!

 

[strai81]

How much bandwidth do you have between your two sites? I just got a site up where I have a Cisco 1841 router at the remote with a Mitel 5020 IP phone, and a PIX 515 at the main site. All sounds well until there is considerable internet use and then the phone gets a lot of jitter.

Thanks,

Steven

 

[MitelInMyBlood]

They're all using AT&T (nee SBC) DSL-PRO (3 Mbps) channels but I've been able to have a voice call up and still almost to bury the bandwidth with a big download. As long as the data download isn't contending for the same pipe as the VPN it works fine. (VPN to office, data download coming from the greater internet not through the vPN). It works with std 1.5 mbps DSL too, again as long as the data isn't in contention for the voice pipe. There is no QOS here.

 

[strai81]

Thanks for the reply. Is there anything special that needs to be configured in the router so that internet traffic goes straight out to the internet?

Steven

 

[MitelInMyBlood]

An access list is used so that the only thing that is allowed across the vpn tunnel is stuff destined for our own internal network (10.x.x.x) That's all pretty fundamental stuff. The voice traffic (when phone is in use) does not use compression and so takes about 80~90k of the available bandwidth. That's pretty typical for a G.711 VOIP connection.

If you need help setting up the router, I'm not your guy. I've been to Cisco router school a few years ago just to pick up the fundamentals and get an understanding of how it all fits together in the grand scheme of things, but a 'network pro' I am not.