Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
VPN Remote for 5600 IP Phones & IP Office? 4
- Thread starter superikey
- Start date
NuggiFirst
Programmer
> And you have been able to plug the phones in anywhere?
Yep !!
> Any luck getting this to work with 56xx phones?
I don't have any 56xx's on hand, so I haven't tried..
> Where did you get thi TrustGate appliance?
We sell Intermate products, so we buy them directly from the manufacturer, check out
How much is it?
Here in Denmark, about 500$
>Aside from the QOS, Would it be any different If I used >any capable IPsec VPN Device?
You'll have a good chance! I have tried on ZyXel ZyWall 35 today, with a little success.. But the VPN times out after some time. I'll have another go on this later this week.
Yep !!
> Any luck getting this to work with 56xx phones?
I don't have any 56xx's on hand, so I haven't tried..
> Where did you get thi TrustGate appliance?
We sell Intermate products, so we buy them directly from the manufacturer, check out
How much is it?
Here in Denmark, about 500$
>Aside from the QOS, Would it be any different If I used >any capable IPsec VPN Device?
You'll have a good chance! I have tried on ZyXel ZyWall 35 today, with a little success.. But the VPN times out after some time. I'll have another go on this later this week.
- Thread starter
- #23
- Thread starter
- #24
khayulay
I read the avaya labls doc about the test they performed. it looks like the vpn remote phone was a 4621SW and the 5610 phones they mentinoned were not running vpn remote, and were just on the LAN.
Any comments? Can I try loading the 4600 firmware on the 5600 phone? What could go wrong?
I read the avaya labls doc about the test they performed. it looks like the vpn remote phone was a 4621SW and the 5610 phones they mentinoned were not running vpn remote, and were just on the LAN.
Any comments? Can I try loading the 4600 firmware on the 5600 phone? What could go wrong?
kristiandg
Programmer
The firmware isn't written for 56xx sets yet. Also, I believe the licensening is on their ASG box, not the phones.
Hope this helps...
Kris G.
Hope this helps...
Kris G.
NuggiFirst
Programmer
I have totally ignored the WebML part of the setup, and it haven't caused me any problems.
My office 4621 have now been connected to the main office via VPN for over a week with no issues.
Besides that we have two "homeoffice" 4620SW running, also with no issues (besides my Level One router at home, which drops the ToS-value..)
I'm still working on the ZyWall-setup though.
I have a customer requesting a test-setup against a GNAT Linux firewall, which should be completed with 1 og 2 weeks.
My office 4621 have now been connected to the main office via VPN for over a week with no issues.
Besides that we have two "homeoffice" 4620SW running, also with no issues (besides my Level One router at home, which drops the ToS-value..)
I'm still working on the ZyWall-setup though.
I have a customer requesting a test-setup against a GNAT Linux firewall, which should be completed with 1 og 2 weeks.
Damn, I've been away for a while, guess no one is interested in that it work on Linksys VPN routers and so on.
As long as the VPN Gateway is compatible with the IPSec settings that VPNRemote uses it will work like a charm.
256bit AES encryption will make the phone more secure than most of your business VPN solutions people are using now days
As long as the VPN Gateway is compatible with the IPSec settings that VPNRemote uses it will work like a charm.
256bit AES encryption will make the phone more secure than most of your business VPN solutions people are using now days
mdegray
IS-IT--Management
- Jul 5, 2006
- 18
- 0
- 0
I've had a remote user using a 4610 into a PIX for over a month. This week, the phone started displaying a warning message that the trial period was about to expire. The reseller I've been working with told me that Avaya said that no additional licensing was needed. I have them rechecking that ill-advice now . . .
Any one got it working with Linksys product? I have RV042 and having problem getting it to work. Any guide or reference for setup other than using Avaya SG? Only thing I found on Avaya site is how to configure Avaya SG.
Thanks in advance.
mdegray: My reseller told me that software is only 30 day trial and will expire after that if not purchased. The price for software is almost same as 4610 phone.
Thanks in advance.
mdegray: My reseller told me that software is only 30 day trial and will expire after that if not purchased. The price for software is almost same as 4610 phone.
MagicStardust
MIS
- Sep 12, 2006
- 7
- 0
- 0
mdegray / khayulay: The 46xx series IP phones are meant to work on both IP Office and Communications Manager platform with G-series media gateways.
To implement the licensing, you're supposed to run the WebLM (license manager - it's free) and purchase the CMEE R3 client $205 per user. However the license enables both systems.
The work around for IP OFFICE, is to use the previous version of the .bin file that provides the same functionality but does not check for the WebLM license when running against the IP office. It works perfectly, but it's not "supported" on an Avaya support contract.
If you post the versions of the equipment you have, along with the license types you're using, I'll respond with the steps.
To implement the licensing, you're supposed to run the WebLM (license manager - it's free) and purchase the CMEE R3 client $205 per user. However the license enables both systems.
The work around for IP OFFICE, is to use the previous version of the .bin file that provides the same functionality but does not check for the WebLM license when running against the IP office. It works perfectly, but it's not "supported" on an Avaya support contract.
If you post the versions of the equipment you have, along with the license types you're using, I'll respond with the steps.
mdegray
IS-IT--Management
- Jul 5, 2006
- 18
- 0
- 0
Thanks, MagicStardust.
My user's phone died this morning - won't connect. I'm assuming that the 30 day eval has expired. Are you telling me that I can replace a .bin on the phone and get it working again with the version 2.0 VPNRemote software? That might be a challenge since my user is 900 miles away (and not at all technical). We do not have a G-series gateway, only a PIX for VPN (unless you count the IPO, but that won't work anyway)
What specific information do you need?
Avaya reseller is still struggling with this . . .
My user's phone died this morning - won't connect. I'm assuming that the 30 day eval has expired. Are you telling me that I can replace a .bin on the phone and get it working again with the version 2.0 VPNRemote software? That might be a challenge since my user is 900 miles away (and not at all technical). We do not have a G-series gateway, only a PIX for VPN (unless you count the IPO, but that won't work anyway)
What specific information do you need?
Avaya reseller is still struggling with this . . .
The phone connects fine to a Linksys RV042 VPN Router, I use the following settings for my setup.
I setup a Client to Gateway VPN Tunnel
Local Group Setup : IP Only, Subnet (enter your local subnet below ie 192.168.0.0/255.255.255.0)
Remote Client Setup : FQDN, and enter a domain name you want to use for IKEID on the phone
IPSec Setup : IKE with Preshared key
The other settings is of your choice, just remeber what you set so you can do the same on the phone.
You need to have Perfect Forward Secrecy checked.
Under Advanced I also have checked
Aggressive Mode
Keep-Alive
AH Hash Algorithm (I use SHA1)
DPD
---
On the phone you edit your VPN settings and choose Profile and Generic PSK.
When you save that profile setting you will get to set the phone to use the same DH group, Encryption and Auth as your RV042.
I don't remember exactly how the settings looked on the phone since I just shipped it to a co-worker for testing.
But under Protected Nets you will need to enter the users external IP adress if he is behind a firewall under Virtual IP and on Protected Net 1 you set you subnet adress (same as above)
IKE Config needs to be disabled and Encapsulation can be disabled och RFC, I use the later.
janni78
Thanks alot for the config instruction. I'll try that. I have one question, you mentioned:
Thanks alot for the config instruction. I'll try that. I have one question, you mentioned:
is it because RV042 currently doesn't support NAT-T in client to gateway feature? I saw beta firmware (1.3.7.9) on linksysinfo.org for RV042 that support client to gateway NAT-T, you think that will solve the problem?
- Thread starter
- #37
I'm only guessing but I think you have to put your external IP adress under Virtual IP since the phone otherwise sends it's local ip adress to the VPN gateway and that would make the gateway unable to find the route to the phone.
Whether or not the VPN Remote is coming to 56xx or not isn't really so important since you can always use a 46xx instead on your IPO.
What's interesting is if Avaya will support VPN Remote for IPO or not, and if they will it problably wont happen before Q3 2007 (guessing ) since we haven't heard anything about it yet.
Whether or not the VPN Remote is coming to 56xx or not isn't really so important since you can always use a 46xx instead on your IPO.
What's interesting is if Avaya will support VPN Remote for IPO or not, and if they will it problably wont happen before Q3 2007 (guessing
) since we haven't heard anything about it yet.- Thread starter
- #39
mdegray
IS-IT--Management
- Jul 5, 2006
- 18
- 0
- 0
Hey superikey,
I've been fighting that battle for over a month now. Still no license file. In fact, yesterday I was told that VPNRemote on the 46xx was never intended to be released for IPO - ECS only. It's somewhat ironic that Avaya has tech docs addressing the VPNRemote for 46xx on IPO, but now say it's not supported. I was told that no one knows how to create a license file for IPO. They've got this really cool product but can't seem to get both sides of the house in agreement on how it should work. Allegedy, there is a beta going on right now that addresses this, but so far, nobody has been able to get me signed up.
Bottom line - those phones will work great for 30 days . . . then they refuse to work at all. Actually, they will work on the local LAN if you disable VPN.
I've been fighting that battle for over a month now. Still no license file. In fact, yesterday I was told that VPNRemote on the 46xx was never intended to be released for IPO - ECS only. It's somewhat ironic that Avaya has tech docs addressing the VPNRemote for 46xx on IPO, but now say it's not supported. I was told that no one knows how to create a license file for IPO. They've got this really cool product but can't seem to get both sides of the house in agreement on how it should work. Allegedy, there is a beta going on right now that addresses this, but so far, nobody has been able to get me signed up.
Bottom line - those phones will work great for 30 days . . . then they refuse to work at all. Actually, they will work on the local LAN if you disable VPN.
- Status
Similar threads
