set up for 9608 VPN phone 5

[headcase69]

hey guys,

i was going to try and set up a 9608 phone to be a VPN phone. i think i have all the programming set up in the IP Office? i have the extension set up as 225 and tick mark box for "allow remote extn"

im just not sure how to set up the Netgear FVS338.... we have multiple PUBLIC IP ADDRESS. im not sure how to set up a route in the firewall? or do i need too? i would think yes, but i need a little help..

 

[wallot]

This got my attention on goolge search. How about for the actual VPN set up - any docs I can reference? Network is not too much an issue just getting the station configured for VPN.

Thanks!

 

[mistymaggie]

amriddle01,

Hi, Your page has helped me try and set up my 9608 sets and get them going but I am stuck-

I ahve done everything I believe that you have outlined on this post by my set comes up with the final status discovering xxx.xxx.xxx.xxx the server address and does not connect

One thing is that on the user ----On the User tab, set the User Profile to Teleworker or Power User. --The only setting I have is basic--

I have rls 8 have have set remote user

Any help you can give me would be appreciated--My customer is remote in Philly and wants to use her set to connect back to the server this week

Thanks,

Wayne

 

[piethief]

On my home router I had to default it and DMZ to the phone with a static address. At the customers house I just plugged it in and it worked. The problem is that residential routers have no standards which is why Avaya language is so vague in the docs.

 

[amriddle01]

piethief, I have had the same issues in the past. Problem is when I encounter this I have now started to plug one of our Mitel remote worker phones in and I have yet to find a router that it doesn't work with, no special config/DMZ required (they use the same method). I do this just to prove a point that it's Avaya's implementation of the process at fault not the customers office/home router

 

[mistymaggie]

Hi amriddle01,

I have been trying to solve this all weekend and am getting frustrated--I have upgraded my customers office to a rls 8 xx they have 9608 sets (2) I have one of them at my office trying to get going remotely and can not--

I have had a commercial tech support tech look at my config and he says it looks good but can not tell me what is wrong--or why I can not connect

The set gets stuck in discovery of the server
The stun test is not working

Could I ask your assistance on this for a charge ?? I need it quickly as my customer is traveling to LA this comming week

 

[DrDrayAvaya]

sounds like you've managed to trick the NAT on that Netgear...

"b. If STUN reports the Firewall/NAT Type as one of the following, the network must be reconfigured if possible as these types are not supported for remote H323 extensions: Static Port Block, Symmetric NAT or Open Internet. "

this is how the RTP stream traverses your NAT. hence difficulties with no voice, just the signalling coming through, like phone ringing, showing in Monitor etc..
Did you forward the RTP range through to the IPO in the NAT/ Port Range forwarding section? just curious... the STUN client is quite useful for finding out what snags you'll hit (the flavour of NAT) with the various routers/NAT's out there. also be aware of routers that have ALG ability... they can be too clever for their own good. rewriting packet headers etc.

Cheers,

Chris

 

[StatusCue]

I'm having a similar problem. On the moniitor I repeatedly get the following:

1056493mS H323Evt: Recv GRQ from 442d6fbc
1056494mS H323Evt: e_H225_AliasAddress_dialedDigits alias
1056494mS H323Evt: found number <252>

If I look at the traffic monitor on my firewall I notice that the IP Office is trying t communicate with the remote 9611G using its internal address from the users home router. I'll use the following example IP addresses to explain:

9611G Home Router Internal IP: 1.1.1.1
Users Home Router Public IP: 2.2.2.2
IP Office Company Public IP: 3.3.3.3
IP Office Company Internal IP: 4.4.4.4

The firewall shows the following:

2012-10-29 16:36:45 Allow 2.2.2.2 3.3.3.3 1719/udp 46504 1719 2-External-Cable 1-Trusted Allowed 352 56 (AnyIPOffice-00) proc_id="firewall" rc="100" dst_ip_nat="4.4.4.4" Traffic

2012-10-29 16:36:45 Allow 4.4.4.4 1.1.1.1 49305/udp 1719 49305 1-Trusted 2-External-Cable Allowed 137 98 (AnyIPOffice-00) proc_id="firewall" rc="100" Traffic

As you can see, when the IP Office tries to respond back to the phone it is trying to contact it using 1.1.1.1 but it should be using 2.2.2.2.

Any ideas how to get this working? The Firewall being used is a watchguard XTM505.

 

[Bas1234]

Did you enable STUN?
Turned off H323 ALG in the Watchguard?

___________________________________________
It works! Now if only I could remember what I did...

Dain Bramaged (Avaya Search tool

http://tinyurl.com/bas1234

)
______________________________________

 

[StatusCue]

I'm not using the H323 ALG proxy in the watchguard. I'm using a custom packet filter for the NAT and port forwarding. As for STUN, I've tried a variety of settings and several STUN servers but nothing seems to work.

 

[Bas1234]

Do you use dynamic NAT or 1 to 1 NAT?
I think you need 1 to 1 NAT.

http://www.watchguard.com/help/docs/wsm/11/en-us/content/en-us/policies/apply_nat_rules_c.html

Also try to setup ALG it might work better on a watchguard.

http://www.watchguard.com/help/docs/wsm/11/en-us/content/en-us/proxies/h323/h323_proxy_about_c.html

___________________________________________
It works! Now if only I could remember what I did...

Dain Bramaged (Avaya Search tool

http://tinyurl.com/bas1234

)
______________________________________

 

[StatusCue]

I was aready using 1 to 1 NAT. I just tried the H323 ALG and it is still giving me the same issues.