Programing IP Phones to VPN Phones with ASA5505

[mletendre]

Ok I just updated IP office to 7.0 and we have 2 5610 IP phones. I can not find any info on setting these up. i think I got the VPN stuff all done in the ASA, I used

https://docs.google.com/viewer?a=v&...3YBre_&sig=AHIEtbQAPv3ZVgw1yLrH5-iFB-nlkMiMAA

to program the VPN tunnel on the ASA.

Now comes to the IP office part, I have NO idea where to even begin. I want to set it up so that the 5610 is a vpn phone. I was told that i would have to load firmware and it should be int he folder that I unzipped when I upgraded the IP Office system but am not sure how to do that, configure the IP office system or the phone itself, any walkthroughs or tutorials would be great!

 

[hairlessupportmonkey]

please, just ask a business partner to sort this for you.

It takes someone experienced (me ) 20ish minutes a phone to do, and even configure the ASA in 10 minutes.

dont be tight, do it right ;-)



ACSS - SME
General Geek

 

[mletendre]

well the business partner we bought the system from and then the upgrade from isnt very helpful. When I told them it was an ASA5505 I got this email response

"That’s a very complicated router – and beyond my capabilities. You will need an IT-type to set-up a VPN Client-based IPSEC tunnel connection.


Then whatever tunnel settings they specify – will need to be manually keyed into the phone – after it is converted to a VPN Client phone.

Tom"

Of course when i was buying the license and stated what equipment I had it was no problem it would be easy.... then they took almost 2 weeks to get me the upgrade key!

 

[hairlessupportmonkey]

> That's a very complicated router

Yikes, completely clueless... its a firewall not a router.

anyway.... find another BP who has half a clue. you dont need to be an IT type to understand the ASA as its not all the complicated - specially the 5505.

what firmware are you running on the firewall? Advanced Security?

ACSS - SME
General Geek

 

[mletendre]

any suggestions on one that wouldnt charge an arm and a leg for this?

 

[mletendre]

We are just running a basic license on the ASA


So I had purchased the whole IP office system from this one company, and then an upgrade later. We have 4 IP phones... now trying to get these to work they have just emailed me the job aids and I ask them specifics and help when its not working.... I get answers like this email chain.... Again I have a CISCO ASA5505 and they keep referring to a different install guide. I did find one for the cisco but it still is having issues

"Mike:



I’m not an IT guy – so most of what you show is gooblygook to me.



I know that the Cisco router is particularly complex to program.



I would get an IT guy and/or Cisco involved.



Again the Netgear router document I sent you shows two ways to set up the VPN Client. I always used the 2nd approach – which requires only a pre-shared key (no username or passwords) – because the setup is much simpler.



I would try the simpler approach.



Tom"

My reply was Cisco would probably say to contact Avaya or the Partner i purchased everything through and he writes back

"Mike:



Forget Cisco – and get an IT guy who is familiar with the ins and outs of Cisco routers – and make sure they understand how to set-up a VPN Client tunnel for H323 traffic - not every IT guy is.



As for Avaya – they do not provide support for Cisco or anyone else’s routers – just for their phone systems. They do issue Job Aids – from time to time – like the one I emailed you.



Unless the reseller also sold you the router – they provide support only for the equipment they sell.



Tom"



So really what are my options here???? To hire someone to just set this up I think would really break our budget and I think I am getting close even without their help.

 

[mletendre]

At this point if anyone can help me fix this i would be happy to use PayPal to compensate them for the help....

 

[hairlessupportmonkey]

Where are you based? I am on holiday atm but can help you at the end of the month....

Email sean_at_oc-stuff_dot_com

ACSS - SME
General Geek

 

[mletendre]

Boston MA area, well just north of that.

 

[amriddle01]

Tek Tips on holiday is banned Sean, you should know that

 

[mattKnight]

>Tek Tips on holiday is banned Sean, you should know that

He's ok, unless Mrs Sean finds out - then he's toast.

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

 

[hairlessupportmonkey]

indeed it is.... since when have i obeyed the rules of TT?

ACSS - SME
General Geek

 

[R3LzX]

yea I'm actually doing one of these as I type, just finished... not too difficult but i grew up on pix. / asa


supportatgoaveno_com

that is if none else wants it..

 

[mletendre]

On the phone side I am getting 2 errors

Ike phase 2 proposal mismatch
Error code 399769814
Module notify 444




Ike phase 2 no response
Error code 3997700:0
Module ikecfg:1184


In the Cisco ASA I am will upload a screen shot of the monitor

 

[mletendre]

this is from the ASA

Username is VPN1
Group is VPN2 (I had made a few groups as I tried to correct the situation)

 

[mletendre]

In order to avoid conflicts the home office is set up as 192.168.2.x with a 255.255.255.0 subnet, and I added this to the pool of the Avaya to assign to the phone. The rest of the internal network is 192.168.1.x

 

[stownsend]

If you are still having issues, I have a IPO 500 v1 R5 with 5610 phones at remote sites behind ASA5505, PIX 506 Firewalls not several behind Cisco RW2002W routers.
The Head end is behind a ASA5510.

The remote firewalls and ASA5510 have a LAN-To-LAN VPN connection between them.
You then need a DHCP Server to tell the Phone who the Call and file servers are.

Not sure on the ASA5505, but the Cisco PIX 506 you can use the Built in DHCP and use the following in your DHCPD config:

dhcpd option 176 ascii MCIPADD=10.1.0.40,MCPORT=1719,TFTPSRVR=10.1.0.42

The Remote 5610 Phones are no different than the Phones at the Head end office. I can swap any phone in any location and they all boot just fine.


Let me know if you need some assistance.

 

[IPOfficeGuru]

Phase 2 errors on ASA is usually due to the DH group settings, if you used the Cisco ASA VPN wizzard the DH group setting is probably set to "1": it needs to be set to "2".

"Never fear billing a client for services rendered, or they will think your time is worthless"