VPN Firewall for IPO 3

lsavaya · Mar 4, 2014

Im running 9.0 IP Office software and going to use the new built in VPN on 9608 handsets. Does anyone know a list of working small business VPN firewalls? Brand and model #.

Thanks

nnaarrnn · Mar 4, 2014

There's only a handful that are compatible. Check that list first.

tlpeter · Mar 4, 2014

Cisco 8xx work well.

BAZINGA!

I'm not insane, my mother had me tested!

mkoker · Mar 4, 2014

Netgear FVS336G as well

NTS Direct

hairlessupportmonkey · Mar 4, 2014

and the watchguard works a treat...

ACSS - SME
General Geek

Gunnaro · Mar 4, 2014

Cisco ASA 5505 could be an option too, if the work load isn't to heavy.

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem

hairlessupportmonkey · Mar 4, 2014

Ive really gone off the ASA, because they seem to get really flakey with age.

ACSS - SME
General Geek

Gunnaro · Mar 4, 2014

I think it depends on the load, have a couple installed for single VPN phones around the globe, worked for years without any issues.
5505 is not built for being more than a small branch firewall.

Kind regards

Gunnar
__________________________________________________________________
Hippos have bad eyesight, but considering their weight, it’s hardly their problem

lsavaya · Mar 4, 2014

Thanks for the quick replies. Very much appreciated.

dphoneguy24 · Mar 7, 2014

I have a WG XTM appliance and I get a message "IKE Phase 2 no response" in my 9608IP phone. Any help from anyone that uses WatchGuard appliances and has 96x1 IP phones working on VPN would be greatly appreciated. Running IP500v2 R9.

Thanks

hairlessupportmonkey · Mar 8, 2014

make sure your VPN profile is set to Juniper and simply make sure all your IPSEC and IKE properties are the same. Also add the protected network and dont leave it on 0.0.0.0

I use VPN phones with XTMs all the time.

ACSS - SME
General Geek

dphoneguy24 · Mar 10, 2014

Thanks hairless - got it working, but when I login to voicemail the set will lock up and will not respond.

dphoneguy24 · Mar 10, 2014

It's not just voicemail. The set will lock-up even on a call. After the call has ended, the display still shows the call in progress and pressing DROP, Speaker, or lifting the handset and replacing will not disconnect the phone. In SSA the phone is showing idle.

hairlessupportmonkey · Mar 10, 2014

i suspect the VPN is dropping.

reboot the watchguard.

ACSS - SME
General Geek

dphoneguy24 · Mar 11, 2014

HSM

The VPN isn't dropping. SSA still shows the phone connected and I can even ping it from SSA. The damn thing just locks up. No button's respond at all. After a few minutes in this state, the display will read "Retrieval failed" - Connecting... then the extension number and the date/time will appear. Still shows "Connecting..."

If you don't mind me asking, what parameters do you usually use with the WG firewalls?

Back in the day when I was using 4620 sets, I was using a WG X550e
Phase I - User-FQDN - DH2, Encryption Alg set to Any, Authentication Alg set to any, IKE Xchg Mode - Agressive, IKE Config Mode Enable, XAuth - Enable,
IPSEC Parameters - DH2, Encryption Alg - Any, Auth. Alg Any

Currently using XTM 5 Series device with the following setup on the phone that match the WG settings
VPN - Enabled, VPN Vendor - Juniper/Netscreen
Encapsulation 4500-4500
Copy TOS No
Auth. Type - PSK w XAUTH
VPN User Type - Any
Password Type - Save in Flash

IKE Phase 1
IKE ID Type - USER_FQDN
IKE Xchg Mode - Agressive
IKE DH Group - 2
IKE Encryption Alg - 3DES
IKE Auth Alg - SHA-1
IKE Config Mode Enabled

IKE Phase 2
IPSec PFS DH Group 2
IPSec Encryption Alg - 3DES
IPSec Auth Alg - SHA-1
Protected Networks: 192.168.010.000/24 - (IP Office LAN)

VPN Config - IKE over TCP set to Auto - also have tried Never

hairlessupportmonkey · Mar 11, 2014

try changing the DH group on Phase 1 to Group 1 and on IKE turn it off. perhaps the encryption is a bit much for the handset. (these are the settings I use incl the rest you have already set.)

ACSS - SME
General Geek

dphoneguy24 · Mar 12, 2014

If I turn off IKE Config. Mode, the set goes to "Discover 192.168.10.10" the IP address of the IP500v2

If I enable IKE, then the set comes up and functions for awhile but the lockup problem still persists.

Any idea what I am missing?

hairlessupportmonkey · Mar 12, 2014

Then you havent set an IP pool in your ipsec mobile vpn config.

ACSS - SME
General Geek

dphoneguy24 · Mar 13, 2014

Yes I have a Virtual IP Address pool added. Frustrating...

hairlessupportmonkey · Mar 13, 2014

what do the WG logs look like when it drops?

ACSS - SME
General Geek

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

VPN Firewall for IPO 3

Programmer

IS-IT--Management

Programmer

Instructor

IS-IT--Management

Vendor

IS-IT--Management

Vendor

Programmer

Technical User

IS-IT--Management

Technical User

Technical User

IS-IT--Management

Technical User

IS-IT--Management

Technical User

IS-IT--Management

Technical User

IS-IT--Management

Similar threads

Log in

Part and Inventory Search

Sponsor