VPN addressing and setup

Status
Not open for further replies.

phonezilla04

Vendor
Sep 21, 2004
1
US
Hi,

First of all I would like to say this forum is an amazing place - lots of great inside info.

Here's my situation - please forgive the soliloquy - but I want to give as much info as I can...

I have a BCM 3.6 on which I am setting up an IPSEC VPN for IP sets.
I am using the Contivity client 4.6.
My BCM is located behind a cable modem router in the DMZ, so no port filtering is in place yet. The BCM LAN1 has an IP of 192.168.1.230. If I set up a new remote account and assign that remote account a static address in the 10.10.14.0/24 network, I can set up the VPN and launch my softphone. I can call TDM phones and make trunk calls, but cannot call another IP set (also on IPSEC and with a static IP address). I can't PING the 10.10.14.x IP address of the other softphone, BTW. I can also manage the BCM through this VPN. The 10.10.14.0 network is assigned the RAS server pool in the Resources -> dialup section, BTW.
If I give the remote user account a static (or pooled) address in any other network, I get a login authentication failure and cannot set up the VPN at all.
I know my problem is that the IP address assigned to me by the tunnel cannot see any other routes, but I don't know how to give my IPSEC clients a different address.
What am I missing? Also, what is the relationship between IPSEC accounts and BCM login users? I notice that when I add an IPSEC account, it gets added to the general users section as well.

thanks in advance
PhoneZilla
 
IPSec on BCM natively is a dog.
You will not be able to access the local endpoint of the VPN tunnel (the public IP address of the BCM).
If you wish this to work you will have to define the "published IP" address in IP telephony services to be the public LAN interface of the BCM.
I would not suggest you use the 10.10.14.0 subnet for your remote IP clients. You should be setting up an IP address pool in the IPSec configuration; normally this would be outside of the scope configured in your DHCP server.
In this case read the programming operations guide for BCM and refer to the examples for setting up IPSec clients.
 
We found the VPN functions of the BCM very weak and disappointing.

Plus it was unstable; we had to reboot the BCM every time the VPN failed. So we went with an outside vendor and disconnected the BCM from the public world.

We installed Fortinet VPN firewalls and they work well. We use i2050s and i2002 remote IP phones.
 