Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Network setup for VPN phones

Status
Not open for further replies.
mojoputter

mojoputter

Technical User
Oct 11, 2005
1,123
US
Attempting to setup a few vpn 9620's, the IT guy has a few questions that I do not have the answers to. Any help would be apprecited.

1. What type of VPN will they support?
a. PPTP or L2TP?
2. What Encryption Level or settings will they use?
a. 3DES/DES SHA/MD5
3. Are these using a Pre-Shared Key I assume?
 
Sort by date Sort by votes
Hmmm...deep breath...

IPSEC
3DES/DES/AES
SHA1/MD5
PSK/Certificate/XAUTH/combination of PSK and XAUTH



Kyle Holladay / IPOfficeHelp.com
ACSS & APSS Avaya SME Communications
APDS Avaya Data
MCP/MCTS Exchange 2007/2010
Adtran ATSA, Aruba ACMA

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford
 
Upvote 0 Downvote
You need to use IPSEC with group policy and user authentication.
No PPTP or LT2P at all.

Search on the knowledgebase for supported routers.


BAZINGA!

I'm not insane, my mother had me tested!
 
Upvote 0 Downvote
The router is a Sonic TZ190, been told that it is supported
 
Upvote 0 Downvote
OK, were so close to getting these vpn phones working I can taste it. So the Sonic TZ190 firewall is seeing the phone attemtping to connect but still failing, and the display on the 9620 says "VPN tunnel failure" then when I press the deatails button it says "IKE phase 1 no response" there's a crap load of vpn settings on the phone and I'm pretty sure a few of them are not setup correctly. Here's my list of settings and how there set.

Auth Type -- PSK with XAUTH
IKE ID (groupname) -- voip
Pre Shared Key(PSK) -- (password)

IKE ID Type -- USER_FQDN
IKE exchange Mode -- agressive
IKE DH group -- 2
IKE Encryption Alg -- 3DES
IKE Auth Alg -- SHA-1
IKE Configurstion Mode -- Enabled

IPsec PFS DH grp -- NO PFS
IPsec Encryption Alg -- any
IPsec Auth Alg -- any
Protected Net -- 0.0.0.0/0

IKE over TCP -- Never

Anyone that could help me will receive a coupon for a large pizza of there choice, and yes I'm that desparate to get this working...
 
Upvote 0 Downvote
Fase 1 mostly means that it cannot find the router or the group settings.


BAZINGA!

I'm not insane, my mother had me tested!
 
Upvote 0 Downvote
The thing to keep in mind about VPNs is settings have to match on both sides exactly.

A VPN is composed of two phases. Phase 1 and Phase 2. You're not getting past the first phase so your IKE settings aren't matching up.

Ask your firewall admin to give you every single setting on the firewall for VPN and match with your phone.

Theodis Butler
President
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dsm600rr
  • Locked
  • Question
Random Phones - Acquiring Service. IPO SE Remote Phones
Replies
19
Views
935
derfloh
derfloh
AldoLT
VPN J179
Replies
1
Views
499
DrB0b
DrB0b
William C290
  • Locked
  • Solved
J100 Phones on Remote Location
Replies
5
Views
470
William C290
William C290
BerettaGuy
  • Locked
  • Question
Automated attendant setup path
Replies
9
Views
259
BerettaGuy
BerettaGuy
ipcom123
  • Locked
  • Question
Missed calls logs in Avaya Phones
Replies
7
Views
663
gkittelson
gkittelson

Part and Inventory Search

Sponsor

Back
Top