KX-TDE100 KX-TDE200 www.voicesonic.com Phone 877-289-2829 Technical Information Communication Systems Division DATE: Monday October 01, 2007 DOCUMENT NO. TN-KXTDE-1007-1 Title: Peer to Peer Communications on TDE systems Using Multi-Tech Routers Systems Affected: KX-TDE100/KX-TDE200 Associated Tech Notes: TN-KXTDE-1007-1 Symptoms: One path VPN tunnels between Remote sites and PBX site will not allow Peer to Peer calls for NT300 series phones. Causes: NT-300 series phones will use the main VPN tunnel from its site to the PBX site to setup the call to other remote location NT300 phones, but once the call is established, direct channel between the remote sites for Peer to Peer communications is not available. Solutions: Use VPN routers (i.e. Multi-Tech RF830 and RF820) to build a VPN Mesh-Topology between the Main and remote locations. Mesh topology occurs when every node has a VPN connecting it to every other node in a network. Example: TN-KXTDE-1007-1 Page (1 of 10)
Step #1 Assign IP addresses to Routers Interfaces Main Router Log in to your RF830 (Main) and go to the Network setup screen and configure the Router WANs and LAN Site1 Log in to your RF820 (Side1)and go to the Network setup screen and configure the Router WAN and LAN TN-TXTDE-1007-1 Page (2 of 10)
Site2 Log in to your RF820 (Side 2) and go to the Network setup screen and configure the Router WAN and LAN TN-TXTDE-1007-1 Page (3 of 10)
Step#2 Configure Routers remote networks and services LAN (192.168.25.1) WAN (65.126.90.250) WAN (65.128.90.250) LAN (192.168.26.1) Multi-Tech Router Finder RF820 (Side 1) Multi-Tech Router Finder RF820 (Side 2) WAN1 (65.126.90.251) WAN2 (65.128.90.251) Host Network 1 Host Network 2 192.168.25.0 192.168.26.0 Multi-Tech Router Finder RF830 (Main) LAN (192.168.2.1) PBX Network 192.168.2.0 PBX Side (Main): Define the remote sites's routers interfaces and networks 1. Log in to your RF830 (Main) and go to the Networks & Services screen. 2. Enter a Name for the remote WAN IP address. Example: Remote-WAN1 3. Enter the remote WAN IP Address (Ex. 65.126.90.250) with a single Subnet Mask of 255.255.255.255 4. Click Add to add the network to the list 5. Enter a Name for the remote LAN IP Address ( connected to Network1). Example: Remote-LAN1 6. Enter the remote LAN IP Address (Ex. 192.168.25.0) with a network Subnet Mask for the 255.255.255.0. 7-Repeat the above steps for Remote-WAN2 and Remote-LAN2 8-Remote WAN2 (Ex. 65.128.90.250, Subnet 255.255.255.255), Remote LAN2 (Ex. 192.168.26.0, Subnet 255.255.255.0) TN-KXTDE-1007-1 Page (4 of 10)
Packet Filtering for Main site 9-Go to the Packet filters page and set the proper packet filtering for your Router ** Add all remote LAN's and WAN's to "from" fields ** Add the Local LAN to "from" field Site 1 router: Define the remote sites's routers interfaces and networks 1. Log in to your RF820 and go to the Networks & Services screen. 2. Enter a Name for the remote WAN IP address. Example: Remote-WAN 3. Enter the remote WAN IP Address (Ex. 65.126.90.251) with a single Subnet Mask of 255.255.255.255 4. Click Add to add the network to the list 5. Enter a Name for the remote LAN IP Address. Example: Remote-LAN 6. Enter the remote LAN IP Address (Ex. 192.168.2.0) with a network Subnet Mask for the 255.255.255.0. 7-Repeat the above steps for P-PWAN and P-PLAN 8-P-PWAN (Ex. 65.128.90.250, Subnet 255.255.255.255), P-PLAN (Ex. 192.168.26.0, Subnet 255.255.255.0) P-PWAN P-PLAN TN-KXTDE-1007-1 Page (5 of 10)
Packet Filtering for site 1 9-Go to the Packet filters page and set the proper packet filtering for your Router ** Add all remote LAN's and WAN's to "from" fields ** Add the Local LAN to "from" field Site 2 router: Define the remote sites's routers interfaces and networks 1. Log in to your RF820 and go to the Networks & Services screen. 2. Enter a Name for the remote WAN IP address. Example: Remote-WAN 3. Enter the remote WAN IP Address (Ex. 65.126.90.251) with a single Subnet Mask of 255.255.255.255 4. Click Add to add the network to the list 5. Enter a Name for the remote LAN IP Address. Example: Remote-LAN 6. Enter the remote LAN IP Address (Ex. 192.168.2.0) with a network Subnet Mask for the 255.255.255.0. 7-Repeat the above steps forp-pwan and P-PLAN 8-P-PWAN (Ex. 65.128.80.250, Subnet 255.255.255.255), P-PLAN (Ex. 192.168.25.0, Subnet 255.255.255.0) P-PWAN P-PLAN TN-KXTDE-1007-1 Page (6 of 10)
Packet Filtering for site 2 9-Go to the Packet filters page and set the proper packet filtering for your Router ** Add all remote LAN's and WAN's to "from" fields ** Add the Local LAN to "from" field TN-KXTDE-1007-1 Page (7 of 10)
Step # 3 Building the VPN IPSec Tunnels between sites Main (PBX Site Router) Build VPN tunnels to remote routers 1. Go to the VPN > IPSec screen. 2. Click the VPN Status check box to enable IPSec. Then click the Save button. 3. Select Add an IKE Connection by clicking the corresponding Add button. The Add an IKE Connection screen displays. All settings can be left at the default unless otherwise indicated: 1. Connection Name: Enter in the name of the VPN tunnel you want to create. Example:Side2 2. Secret: Enter in the Secret (which has to match on both ends of the tunnel) 3. Local WAN IP: Select WAN2 4. Local LAN: Select LAN 5. Remote LAN: Select Remote-LAN2. Note that you should select ANY if the network is unknown or the name you created is for the static IP) 6-Remote Gateway will be set to the WAN interface of the other end of the Tunnel (Remote-WAN2) 7. Click the Save button to save your tunnel **VPN for Side1 will be of the same configuration as Side 2 ( Local WAN IP=WAN1, Remote Gateway IP= Remote-WAN1, Remote LAN= Remote-WAN1) Remote-WAN1 TN-KXTDE-1007-1 Page (8 of 10)
Site 1 Router Build VPN tunnels to Main and other remote routers 1. Go to the VPN > IPSec screen. 2. Click the VPN Status check box to enable IPSec. Then click the Save button. 3. Select Add an IKE Connection by clicking the corresponding Add button. The Add an IKE Connection screen displays. All settings can be left at the default unless otherwise indicated: 1. Connection Name: Enter in the name of the VPN tunnel you want to create. Example:Main 2. Secret: Enter in the Secret (which has to match on both ends of the tunnel) 3. Local WAN IP: Select WAN 4. Local LAN: Select LAN 5. Remote LAN: Select Remote-LAN. Note that you should select ANY if the network is unknown or the name you created is for the static IP) 6-Remote Gateway will be set to the WAN interface of the other end of the Tunnel (Remote-WAN) 7. Click the Save button to save your tunnel Peer to Peer for Side 1 ****By following the same steps from (1-7) to create VPN tunnel P-P P-PWAN P-PLAN Side 1 VPN's P-P P-PWAN P-PLAN TN-KXTDE-1007-1 Page (9 of 10)
Site 2 Router Build VPN tunnels to Main and other remote routers 1. Go to the VPN > IPSec screen. 2. Click the VPN Status check box to enable IPSec. Then click the Save button. 3. Select Add an IKE Connection by clicking the corresponding Add button. The Add an IKE Connection screen displays. All settings can be left at the default unless otherwise indicated: 1. Connection Name: Enter in the name of the VPN tunnel you want to create. Example:Main 2. Secret: Enter in the Secret (which has to match on both ends of the tunnel) 3. Local WAN IP: Select WAN 4. Local LAN: Select LAN 5. Remote LAN: Select Remote-LAN. Note that you should select ANY if the network is unknown or the name you created is for the static IP) 6-Remote Gateway will be set to the WAN interface of the other end of the Tunnel (Remote-WAN) 7. Click the Save button to save your tunnel Peer to Peer for Side 2 ****By following the same steps from (1-7) to create VPN tunnel P-P P-PWAN P-PLAN Side 2 VPN's P-P P-PWAN P-PLAN See More Panasonic Manuals www.voicesonic.com Phone 877-289-2829 TN-KXTDE-1007-1 Page (10 of 10)