IP Office Technical Tip



Similar documents
IP Office Technical Tip

IP Office Technical Tip

VPN SECURITY POLICIES

How to configure VPN function on TP-LINK Routers

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Configuring the Juniper SSG as an IPSec VPN Head-end to Support the Avaya VPNremote Phone and Avaya Phone Manager Pro with Avaya IP Office Issue 1.

VPN Wizard Default Settings and General Information

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

How to configure VPN function on TP-LINK Routers

Chapter 5 Virtual Private Networking Using IPsec

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Configure IPSec VPN Tunnels With the Wizard

ISG50 Application Note Version 1.0 June, 2011

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Chapter 8 Virtual Private Networking

IPSec Pass through via Gateway to Gateway VPN Connection

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

V310 Support Note Version 1.0 November, 2011

Windows XP VPN Client Example

VPN. VPN For BIPAC 741/743GE

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050

7. Configuring IPSec VPNs

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

Chapter 4 Virtual Private Networking

Gateway to Gateway VPN Connection

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

VPN Quick Configuration Guide. Astaro Security Gateway V8

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

Chapter 6 Virtual Private Networking

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

HOWTO: How to configure IPSEC gateway (office) to gateway

The BANDIT Products in Virtual Private Networks

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Configuring the Juniper Networks SSG Security Platform and Steel-Belted Radius Authentication Server to Support Avaya VPNremote Phones Issue 1.

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Chapter 6 Basic Virtual Private Networking

Dial-Up VPN auf eine Juniper

Virtual Private Network and Remote Access Setup

How To Industrial Networking

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

Nokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication

Quick Note 041. Digi TransPort to Digi TransPort VPN Tunnel using OpenSSL certificates.

How to access peers with different VPN through IPSec. Tunnel

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

Application Note: Integrate Juniper IPSec VPN with Gemalto SA Server. October

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Lab a Configure Remote Access Using Cisco Easy VPN

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

axsguard Gatekeeper IPsec XAUTH How To v1.6

VNS3 to Cisco ASA Instructions. ASDM 9.2 IPsec Configuration Guide

VPN Configuration Guide LANCOM

FortiOS Handbook IPsec VPN for FortiOS 5.0

LAN-Cell to Cisco Tunneling

IP Office Technical Tip

Understanding the Cisco VPN Client

This topic discusses Cisco Easy VPN, its two components, and its modes of operation. Cisco VPN Client > 3.x

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

VPNC Interoperability Profile

Shrew Soft VPN Client Configuration for GTA Firewalls

How To Configure L2TP VPN Connection for MAC OS X client

IP Office Technical Tip

TheGreenBow VPN Client. User Guide

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

GB-OS. VPN Gateway. Option Guide for GB-OS 4.0. & GTA Mobile VPN Client Version 4.01 VPNOG

Internet. SonicWALL IP SEV IP IP IP Network Mask

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

What information will you find in this document?

Virtual Private Network and Remote Access

DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide

Lab Configure Remote Access Using Cisco Easy VPN

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Juniper NetScreen 5GT

VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router:

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Configuring IPsec VPN between a FortiGate and Microsoft Azure

Pre-lab and In-class Laboratory Exercise 10 (L10)

Configuring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products

Creating a VPN Using Windows 2003 Server and XP Professional

Cisco RV 120W Wireless-N VPN Firewall

Ingate Firewall. TheGreenBow IPSec VPN Client Configuration Guide.

SingTel VPN as a Service. Quick Start Guide

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

Cisco QuickVPN Installation Tips for Windows Operating Systems

Transcription:

IP Office Technical Tip Tip no: 186 Release Date: August 14, 2007 Region: GLOBAL Configuring a VPN Remote IP Phone with an Adtran Netvanta 3305 VPN Router The following document assumes that the user/installer is familiar with configuring both the IP Office and VPN device as well as setting manually configuring IP Hard-phones. This document is for reference purposes only when creating the VPN tunnels and does not provide any details on how to configure any other aspect of either device. Test Systems Software Versions and Basic Phone Settings IP Office Core Software 4.0.7 Adtran Netvanta 3305 Router Software 15.02.00.E IP Phone Model 5610 IP Phone Firmware 2.3.252 IP Office IP Address 192.168.2.5 TFTP/File Server 192.168.2.10 IP Phone IP Address DHCP IP Phone CallSV 192.168.2.5 IP Phone CallSVPort 1719 [Default] IP Phone Router DHCP IP Phone Mask DHCP IP Phone FileSv 192.168.2.10 IP Phone 802.1Q Auto IP Phone VLAN ID 0 Password used during testing 123456789 Remote ID (Group Name) vpntrial10 User Name vpn10 User Password 123456789 COMPAS ID 129967 Issue 1 Page 1 of 7

Notes 1. The IP Phones may require a Virtual IP Address to be configured in the VPN settings. Please take care in choosing a Virtual IP Range. Consider where the phone is most likely to be used and ensure that the Virtual IP Range selected will not conflict. For instance, many VPN IP Phones may be installed at user s homes. Typically a Home Router uses 192.168.0.x or 192.168.1.x as its internal network range therefore it is recommended that this is not used as a Virtual IP Address Range. 2. IMPORTANT: Many VPN Routers will not allow a direct media path to be established between two VPN Endpoints. It will be necessary to uncheck the Direct Media Path checkbox in the Extension Configuration in IP Office. Failure to do so will result in No Speech path when two VPN extensions try and establish a call. 3. Review the Sample 46vpnsetting.txt file for simplifying configuration settings on the IP Phones. 4. While the defaults for Encryption are set at 4500-4500 and these settings are preferred, there may be instances where (depending on what the Home router supports) the user may need to either disable this setting, or change to one of the other options. 5. If manually configuring a Virtual IP Address on the IP Hard-phone, ensure that accurate records are kept of IP Address allocations to avoid IP Address conflicts. IP Office Configuration Using IP Office Manager, Open the Configuration and Select IP Routes. Add a New IP Route for the Virtual LAN Network to be used in the environment. COMPAS ID 129967 Issue 1 Page 2 of 7

Modify the Extensions VoIP Tab for those extensions that will be VPN Extensions, and uncheck the Direct Media Path Check Box. COMPAS ID 129967 Issue 1 Page 3 of 7

Adtran Netvanta 3305 VPN Router VPN Configuration settings Networking Scenario: Important Requirements when using the Adtran Netvanta Router The Following configuration settings / requirements must be configured when using an Adtran router 1. The VPN Remote phone Juniper with XAUTH profile must be used. 2. Each VPN Phone must use a unique XAUTH Username. 3. If more than one client will be connecting from the same NAT Address each device must use a different Remote ID. The Remote ID used for the phone(s) must be configured to Allow XAUTH. [An example would be a remote user connecting VPN Software client installed on a PC, as well as a VPN IP Phone from a Home High Speed Internet connection.] Adtran Netvant 3305 IKE and VPN Policy Settings To Allow XAUTH, it may be necessary to check the AAA Mode Checkbox on the Adtran Router. This setting is found on the Passwords page of the Adtran Management interface. By default this is not enabled. By default the Adtran Netvanta does not have QoS enabled. Use the QoS Map Wizard and manually change parameters as needed or configure the QoS Map Manually. QoS Map Setup Match Packets DSCP (46) Packet Marking Disable Priority Queue Unlimited Bandwidth To create usernames, select the Passwords Link in the Adtran Management interface TIP: Using the Serial Number of the IP Phone as the Username. Configure the 46vpnsetting.txt file and consider using the [SET NVVPNUSER COMPAS ID 129967 Issue 1 Page 4 of 7

%SERIALNUM%] option. Assign a common password to all Users and use the [SET NVVPNPSWD] option. Note: Some phones Serial Numbers may contain letters, while others will be all numbers. Letters must be entered in Capitals, not lower case or the Router will not accept the username and authentication will fail. Username and Passwords Username vpn10 Password 123456789 As noted above, in the event that there will be more than one VPN Device connected from the same remote network using NAT, a Remote ID must be created for each device Tip: Keeping the password the same, will allow for the password to be applied using the 46vpnsetting.txt script file. If only one Remote ID will be required, this may also be applied via the 46vpnsetting.txt file, however if more than one Remote ID is required, this value should not be configured in the script file and should be manually assigned on the phone. Policy Configuration VPN Peer Configuration Name VPN Interface Peer Type IKE Configuration XAUTH Respond Mode NAT Traversal Local ID IPSEC Configuration PFS Encryption / Hash Encryption / Hash Lifetime Adtran Interface that will Terminate the VPN Tunnel Mobile Peer Any Allow V1 and Allow V2 IP Address 71.10.10.4 Group2 ESP:3 DES / SHA1 No Additional Transforms 28800 seconds IKE Attribute Encryption / Hash 3 DES Hash SHA Authentication Pre Shared Key DH Group 2 Lifetime 28800 seconds COMPAS ID 129967 Issue 1 Page 5 of 7

Remote Id s Allowed to Connect Remote ID Type FQDN Remote ID vpntrial10 Mode Config Pre Shared Key 123456789 XAUTH NAT Traversal Allow V1 / Allow V2 Remote Addressing IP Range 172.16.22.1 to 172.16.22.253 VPN Selector Entry Type Permit Protocol Any Source Network / Ports 192.168.2.0/24 Destination Network / Ports 172.16.22.0/24 VPN Remote Phone Settings VPN Remote Phone Configuration VPN Profile Juniper XAUTH with PSK Server 71.10.10.4 User Name vpn10 Password 123456789 Group Name vpntrial10 Group PSK 123456789 VPN Start Mode Boot Password Type Save in Flash Encapsulation 4500-4500 IKE Parameters IKE ID Type FQDN Diffie Hellman Group 2 Encryption ALG 3DES Authentication ALG Sha1 IKE Xchg Mode Aggressive IKE Config Mode XAUTH Enable Cert Expiry Check Disable Cert DN Check Disable IPSEC Parameters Encryption ALG 3DES Authentication ALG Sha1 Diffie Hellman Group 2 COMPAS ID 129967 Issue 1 Page 6 of 7

Protected Nets Virtual IP Remote Net #1 192.168.2.0/24 Remote Net #2 Remote Net #3 Copy TOS Connectivity Check No Always Issued by: Avaya SSD Tier 4 Support Contact details:- EMEA/APAC Tel: +44 1707 392200 Fax: +44 (0) 1707 376933 Email: gsstier4@avaya.com NA/CALA Tel: +1 732 852 1955 Fax: +1 732 852 1943 Email: IPOUST4ENG@Avaya.com Internet: http://www.avaya.com 2007 Avaya Inc. All rights reserved. COMPAS ID 129967 Issue 1 Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information