Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Network setup for VPN phones

Status
Not open for further replies.

mojoputter

Technical User
Oct 11, 2005
1,123
US
Attempting to setup a few vpn 9620's, the IT guy has a few questions that I do not have the answers to. Any help would be apprecited.

1. What type of VPN will they support?
a. PPTP or L2TP?
2. What Encryption Level or settings will they use?
a. 3DES/DES SHA/MD5
3. Are these using a Pre-Shared Key I assume?
 
Hmmm...deep breath...

IPSEC
3DES/DES/AES
SHA1/MD5
PSK/Certificate/XAUTH/combination of PSK and XAUTH



Kyle Holladay / IPOfficeHelp.com
ACSS & APSS Avaya SME Communications
APDS Avaya Data
MCP/MCTS Exchange 2007/2010
Adtran ATSA, Aruba ACMA

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford
 
You need to use IPSEC with group policy and user authentication.
No PPTP or LT2P at all.

Search on the knowledgebase for supported routers.


BAZINGA!

I'm not insane, my mother had me tested!
 
The router is a Sonic TZ190, been told that it is supported
 
OK, were so close to getting these vpn phones working I can taste it. So the Sonic TZ190 firewall is seeing the phone attemtping to connect but still failing, and the display on the 9620 says "VPN tunnel failure" then when I press the deatails button it says "IKE phase 1 no response" there's a crap load of vpn settings on the phone and I'm pretty sure a few of them are not setup correctly. Here's my list of settings and how there set.

Auth Type -- PSK with XAUTH
IKE ID (groupname) -- voip
Pre Shared Key(PSK) -- (password)

IKE ID Type -- USER_FQDN
IKE exchange Mode -- agressive
IKE DH group -- 2
IKE Encryption Alg -- 3DES
IKE Auth Alg -- SHA-1
IKE Configurstion Mode -- Enabled

IPsec PFS DH grp -- NO PFS
IPsec Encryption Alg -- any
IPsec Auth Alg -- any
Protected Net -- 0.0.0.0/0

IKE over TCP -- Never

Anyone that could help me will receive a coupon for a large pizza of there choice, and yes I'm that desparate to get this working...
 
Fase 1 mostly means that it cannot find the router or the group settings.


BAZINGA!

I'm not insane, my mother had me tested!
 
The thing to keep in mind about VPNs is settings have to match on both sides exactly.

A VPN is composed of two phases. Phase 1 and Phase 2. You're not getting past the first phase so your IKE settings aren't matching up.

Ask your firewall admin to give you every single setting on the firewall for VPN and match with your phone.

Theodis Butler
President
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top