IP Office - Job Aid Remote Access Summary This document covers how to allow a remote PC or device to gain access to the IP Office network. 016 Issue 1 (15th November 2002)
Remote Access The following document covers the basic IP Office setup for a remote PC to connect to an IP Office system. Once connected, the remote PC is part of the IP Office network and can run many of the IP Office applications. WARNING: Do Not Run Upgrade Across RAS Links The Upgrade facility within the IP Office Manager application should not be used over a RAS link of any kind. To do so will result in a 'frozen' Control Unit which will have to be returned to its factory defaults via its DTE port. The diagram below is a general schematic of RAS. Remote PC PSTN Incoming Call Route Time Profile* Firewall Profile* IP Route* RAS User Extension *Optional The need for an IP Route within the IP Office is dependant on the respective IP address domains of the Remote PC and the IP Office. Note that if the connection is via analogue modem or line, the IP Office must also have Modem2 module installed. Remote Access Page 2
IP Office Remote Access Setup IP Office Remote Access Setup The following process creates a defines a RAS User on the IP Office system. 1. Create a User Click on the User icon to display the list of existing users. Right-click on the list area and select New. The required details are: In the User tab: Enter a Name and Password. Remember that the IP Office is case sensitive. Remember to take care with passwords as this is a remote access link into your network. In the Dial In tab: Ensure that Dial In On is ticked. 2. Create a RAS Entry Click on the RAS icon to display the list of existing remote access services. Right-click on the list area and select New. In the RAS tab: You must enter the same name as the user that you created earlier. Again remember this is case sensitive. 3. Create an Incoming Call Route Click on the Incoming Call Route icon to display the list of existing routes. Right-click on the list area and select New. Set the Bearer Capability to Any Data. In the Destination dropdown list select the RAS entry created above. The values that you enter for any of the other fields will depend on whether the remote user will be calling in on a particular line, number or from a set CLID. 4. Is a Return IP Route Needed? The steps above are sufficient for an incoming digital data connection. However, if the remote user has an IP address that is not in the same domain as the IP Office, then an IP Route is needed for outgoing return data. This is not necessary if the remote user has an IP address on same domain as the IP Office. Go to Step 6. This is not necessary if the remote user's dial-up connection method is set to 'Obtain an IP Address Automatically' and the IP Office's DHCP mode is set to Server or DialIn. Go to Step 6. 5. Create a IP Route Click on the IP Route icon to display the list of existing routes. Right-click on the list area and select New. Enter the IP Address and IP Mask of the remote system. In the Destination drop-down list select the RAS entry created above. 6. Send the configuration to the IP Office and reboot. Remote Access Page 3
Remote Access Using Analogue Lines Remote Access Using Analogue Lines If the remote connection is using an analogue line then the same principles apply except for the following: The IP Office must have IP Office Modem2 card installed in order to handle analogue data calls. To determine if you IP Office Control Unit has a Modem2 card installed, start Monitor. One of the first lines shown includes the item MDM= followed by the number of modem circuits. Using the Incoming Call Route menu you MUST be able to clearly identify the analogue RAS call, either by its incoming number or by the CLI. Create a route entry for this with the Bearer Capability set to Any (there is no D-Channel signal from an analogue line so the call is not automatically recognized as data) and the Destination set to the RAS entry previously created. Additional User Controls A number of other aspects of system programming Time Profiles: A Time Profile can be used to specify when a user can remotely access the system. Once a profile has been created it is applied to the user through their User Dial In tab. Firewall Profiles: A Firewall Profile can be used to specify what types of traffic can be run across a remote access connection. Once a profile has been created it is applied to the user through their User Dial In tab. VoIP Extensions: In theory a VoIP call could be run across the remote access connection. However in practice the quality would be reliant on the all parts of the call connection route supporting QoS. Note: If a remote access user runs an H.323 IP Softphone (eg IP Enabled Phone Manager Pro, the H.323 Gateway on the IP Office would create a new extension and user for that Softphone (subject to IP Office licensing). For programming neatness, and to give the remote user a fixed extension number, it may be better to manually create a VoIP Extension and associate with the RAS User. Remote Access Page 4
Remote Dial-up PC Setup Remote Dial-up PC Setup These instructions assume that you are using a PC with a Microsoft Windows operating system. However the general principles are applicable to any PC capable of dial-up networking. 1. If the IP Office is running DHCP is Server or Dial In mode, then set the PC's Network Properties for TCP/IP via the Dial-Up Adapter to Obtain an IP Address Automatically. This does not affect the PC's Network card settings which can be running a separate set of IP address settings. You can also alter the TCP/IP settings of individual dial-up connections to either Server Assigned Address (DHCP) or to a fixed IP Address (ie. one matching the IP Office's domain). 2. Create a new dial up networking session. 3. Ensure that the User Name and Password match those created for the RAS User on the IP Office. 4. The telephone number dialed or the CLI from which dialing occurs must match the incoming call route created for remote access. Remote Domain Browsing and LMHOSTS Over a basic RAS connection the Remote PC is able to route IP traffic into and out of the IP Office network. For the Remote PC to be able to browse network drives and facilities on the IP Office network requires further setup. This is done via the use of a LMHOST file on the Remote PC and requires information from the Network Administrator relating to the network's Domain Controllers and other devices. Full details of this can be found in Microsoft Knowledge Base Article - Q150800. Remote Access Page 5
Remote Domain Browsing and LMHOSTS Performance figures and data quoted in this document are typical, and must be specifically confirmed in writing by Avaya before they become applicable to any particular order or contract. The company reserves the right to make alterations or amendments to the detailed specifications at its discretion. The publication of information in this document does not imply freedom from patent or other protective rights of Avaya, or others. Intellectual property related to this product (including trademarks) and registered to Lucent Technologies has been transferred or licensed to Avaya. This confidential document is the property of Avaya and without its prior written consent may not be disclosed to a third party nor copied. Any comments or suggestions regarding this document should be sent to "wgcpublishing@avaya.com". Copyright 2002 Avaya Remote Access Page 6