IP Office Technical Tip




Tip No: 221
Release Date: 9 October 2009
Region: GLOBAL
COMPAS ID 138846 Issue 1

Configuring VPNremote Telephones with Cisco Adaptive Security Appliance (ASA) 5510 using the Adaptive Security Device Manager (ASDM)

The following document assumes that the user/installer is familiar with configuring both IP Office and VPN devices as well as with manually configuring IP Hard-phones. This document details how to create the VPN tunnels required. It is for reference purposes only. It does not provide details on how to configure any other aspect of either device.

Test Systems Software Versions and Basic Telephone Settings

IP Office Core Software: 4.2.11
Cisco ASA Model 5510: 7.2(4)
Cisco Adaptive Security Device Manager (ASDM): 5.2(3)
IP Telephone Model: 5610SW, 5620SW
IP Telephone Firmware: 2.3.252
IP Office IP Address: 192.168.42.5
TFTP Server: 192.168.42.100
IP Telephone IP Address: DHCP
IP Telephone CallSV: 192.168.42.5
IP Telephone CallSVPort: 1719 [Default]
IP Telephone Router: DHCP
IP Telephone Mask: DHCP
IP Telephone FileSv: 192.168.42.100
IP Telephone 802.1Q: Auto
IP Telephone VLAN ID: 0

Notes

1. The IP Telephones may require a Virtual IP Address to be configured in the VPN settings. Please take care in choosing a Virtual IP Address range. Consider where the telephone is most likely to be used and ensure that the Virtual IP Range selected will not conflict. For instance, many VPNremote Telephones may be installed at users' homes. Typically a home router uses 192.168.0.x or 192.168.1.x as its internal network range; therefore it is recommended that this is not used as a Virtual IP Address Range.

2. Review the sample 46vpnsetting.txt file for simplifying configuration settings on the IP Telephones.

3. While the defaults for Encapsulation are set at 4500-4500 and these settings do work in most configurations, there may be instances where, depending on what the VPN router and the home router support, the user may need to either amend or disable this setting.

IP Office Configuration

Using IP Office Manager, open the configuration and select IP Routes. Add a new IP Route for the Virtual LAN Network to be used in the environment.

Networking Scenario: [network diagram]

Cisco Adaptive Security Appliance (ASA) Configuration

1) From the Adaptive Security Device Manager (ASDM) home screen, select the License tab to identify the IPSec encryption algorithms licensed for use.

Encryption algorithms other than DES require the installation of an enhanced encryption license from Cisco.

2) Start the VPN Wizard by selecting Wizards>VPN Wizard from the ASDM top toolbar. Select Remote Access for the VPN Tunnel Type and outside for VPN Tunnel Interface. All remaining fields can be left at default values. Click Next to continue.

3) Keep the default selection of Cisco VPN Client, Release 3.x or higher, or other VPN Remote Product. Click Next to continue.

4) Select the Pre-shared Key Authentication Method. Enter your Pre-shared Key and Tunnel Group Name to be used by the Avaya VPNremote Telephones. Click Next to continue.

5) The internal ASA user authentication database is used in this document. Select Authenticate using the local user database and click Next to continue.

6) The following screen allows you to create user names and passwords for VPNremote Telephone users. vpnuser1, vpnuser2 and vpnuser3 have been created as shown. Click Add to create your users and then click Next to continue.

7) Click the New button to create a new IP Address pool. Enter the pool name and the IP Address range to be assigned to VPNremote Telephones as the Virtual IP Address. This address range must not overlap with any addresses on the private enterprise network and must be routable within the enterprise network. Click OK and then click Next to continue.

8) Enter the DNS, WINS and Domain information to be used by the VPNremote Telephones. Click Next to continue.

9) Select the IKE security association parameters that you want to use from the drop-down lists. Here 3DES, MD5 and Diffie-Hellman group 2 are used. Click Next to continue.

10) Select the IPSec VPN encryption and authentication parameters from the drop-down lists. Here AES-128 and SHA are used. Click Next to continue.

11) Accept the default Address Translation Exemption and Split Tunneling options and click Next to continue.

12) Verify the VPN Tunnel options and click Finish to complete.

13) Ensure the default route has been set. The default route here is set to the outside (public) interface. Navigate to Configuration>Routing>Static Routes and click the Add button. The IP address of 0.0.0.0 with Mask of 0.0.0.0 signifies the default route. The IP address of 10.1.10.54 is the ISP next hop router. Click OK to continue.

14) If the VPNremote Telephone extensions on the IP Office are configured to allow direct media path, then the following must be done. Navigate to Configuration > Interfaces and tick the "Enable traffic between two or more hosts connected to the same interface" check box.
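A pre-deployment check for the Virtual IP pool described in Note 1 and step 7, as an added example that is not part of the Avaya tip: it tests a candidate pool against the home-router ranges the tip names, against the enterprise networks, and against the IP Routes defined on IP Office. The candidate pools, the /24 mask around 192.168.42.5, the route list and the function name are constructed for illustration.

```python
import ipaddress

# Home-router LANs named in Note 1 of the tip.
HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24"]


def check_pool(first, last, enterprise_nets, ip_office_routes):
    """Return findings for a proposed Virtual IP pool; an empty list means it passes."""
    # An ASA pool is a first-last range, so convert it to CIDR blocks first.
    blocks = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    label = f"{first}-{last}"
    findings = []
    for kind, nets in (("home LAN", HOME_LANS),
                       ("enterprise network", enterprise_nets)):
        for net in map(ipaddress.ip_network, nets):
            if any(block.overlaps(net) for block in blocks):
                findings.append(f"pool {label} overlaps {kind} {net}")
    # Return traffic needs an IP Office IP Route covering every pool address.
    routes = [ipaddress.ip_network(r) for r in ip_office_routes]
    if not all(any(b.subnet_of(r) for r in routes) for b in blocks):
        findings.append(f"pool {label} is not covered by an IP Office IP Route")
    return findings


if __name__ == "__main__":
    # Constructed inputs: 192.168.42.0/24 assumes a /24 around the tip's
    # IP Office address; the candidate pools and the route are made up.
    enterprise = ["192.168.42.0/24"]
    routes = ["10.10.98.0/24"]
    for first, last in [("192.168.1.100", "192.168.1.150"),
                        ("192.168.42.200", "192.168.42.220"),
                        ("10.10.98.1", "10.10.98.50")]:
        for line in check_pool(first, last, enterprise, routes) or ["ok"]:
            print(first, last, "->", line)
```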

VPNremote Telephone Configuration

Below are the parameters to be configured in the VPNremote telephones. Please refer to Technical Tip 205 VPN Telephone Deployment Guide for IP Office on how to configure these parameters.

Configuration Options | Value | Description

VPN Profile | Cisco Xauth with PSK | VPN configuration profile
Server | 10.1.10.52 | IP address of the ASA outside interface
User Name | vpnuser1 | User created in the ASDM VPN Wizard
Password | 1234567890 | Password created in the wizard for the User
Group Name | vpnphone2 | Group name created in the wizard
Group PSK | 1234567890 | Pre-shared key created in the wizard for the Group

IKE Parameters

IKE ID Type | KEY-ID | Specifies the format of the Group Name
Diffie Hellman Group | 2 | Can be set to Detect to accept ASA settings
Encryption ALG | 3DES | Can be set to Any to accept ASA settings
Authentication ALG | MD5 | Can be set to Any to accept ASA settings
IKE Xchange Mode | Aggressive | Mode used for Phase 1 negotiations
IKE Config Mode | Enable | Enables IKE
Xauth | Enable |
Cert Expiry Check | Disable |
Cert DN Check | Disable |

IPSEC Parameters

Encryption ALG | AES-128 | Can be set to Any to accept ASA settings
Authentication ALG | SHA1 | Can be set to Any to accept ASA settings
Diffie Hellman Group | 2 | Can be set to Detect to accept ASA settings
VPN Start Mode | BOOT | IPSec tunnel dynamically starts on phone power up
Password Type | Save in Flash | Saves password in flash so that user is not prompted at phone boot up
Encapsulation | 4500 4500 | Default value to enable NAT Traversal

Protected Nets

Virtual IP | |
Remote Net #1 | 0.0.0.0/0 | Access to all private nets
Remote Net #2 | |
Remote Net #3 | |
Copy TOS | Yes | Re-write TOS bit value to outside IP Header for QOS
File Srvr | 192.168.42.100 | TFTP/HTTP file server
Connectivity Check | Always | Frequency of connectivity check

Issued by: Avaya SME Customer Product Engineering

Contact details:
EMEA/APAC Tel: +44 1707 392200 Fax: +44 1707 376933 Email: gsstier4@avaya.com
NA/CALA Tel: +1 908 204 4686 Fax: +1 908 204 4687 Email: IPONACALAT4@Avaya.com
Internet: http://www.avaya.com

© 2009 Avaya Inc. All rights reserved
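The parameter table above, checked mechanically, as an added example that is not part of the Avaya tip: it flags legacy algorithm and Diffie-Hellman group choices, Any/Detect settings that leave the decision to the ASA, and a low-entropy Group PSK used with Aggressive Mode. The 20-character threshold, the "IKE "/"IPSEC " key prefixes and the function and constant names are assumptions made here.

```python
# Values as listed in the tip's VPNremote parameter table. The "IKE "/"IPSEC "
# prefixes are added here to tell the two table sections apart.
PAGE_PROFILE = {
    "IKE Xchange Mode": "Aggressive",
    "IKE Diffie Hellman Group": "2",
    "IKE Encryption ALG": "3DES",
    "IKE Authentication ALG": "MD5",
    "IPSEC Encryption ALG": "AES-128",
    "IPSEC Authentication ALG": "SHA1",
    "IPSEC Diffie Hellman Group": "2",
    "Group PSK": "1234567890",
    "Password": "1234567890",
}

# Legacy choices: single DES/3DES, MD5, and MODP groups of 1536 bits or less.
LEGACY = {
    "Encryption ALG": {"DES", "3DES"},
    "Authentication ALG": {"MD5"},
    "Diffie Hellman Group": {"1", "2", "5"},
}
DEFERS = {"Any", "Detect"}   # phone accepts whatever the ASA proposes
MIN_PSK_LEN = 20             # assumed local policy threshold, not from the tip


def audit_profile(profile):
    """Return (option, finding) pairs for a VPNremote parameter set."""
    findings = []
    for key, value in profile.items():
        option = key.partition(" ")[2]   # drop the section prefix
        if value in DEFERS:
            findings.append((key, "strength is decided by the ASA policy"))
        elif value in LEGACY.get(option, ()):
            findings.append((key, f"legacy value {value}"))
    psk = profile.get("Group PSK", "")
    # Aggressive Mode sends a PSK-derived hash before the peer is authenticated,
    # so the key's entropy is what protects the group secret.
    if profile.get("IKE Xchange Mode") == "Aggressive":
        if len(psk) < MIN_PSK_LEN or psk.isdigit():
            findings.append(("Group PSK", "low-entropy key with Aggressive Mode"))
    if psk and psk == profile.get("Password"):
        findings.append(("Group PSK", "same value as the user Password"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_profile(PAGE_PROFILE):
        print(f"{option}: {finding}")
```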