96XX VPN Mode

Document for configuring 96xx series phone for VPN

Hi,Mentioning the link where we have a document for configuring VPN on 96xx series phones which is quite simpler to understand.http://support.avaya.com/css/P8/documents/100068662Its also mentioned that how do we change the VPN options on the phones screen.

96XX VPN Remote

Hi




Someone could say whether to activate the Remote VPN in an IPO 500 V2 R6.0 requires a license END POINT?

VPN Remote

Yes on R6 any Avaya IP Endpoint requires an Avaya IP Endpoint RFA:

R6 IP Telephone RFA229444Enables the use of one Avaya IP telephone.IPO LIC R6 AV IP
ENDPOINT 1$75.00 229445Enables the use of 5 Avaya IP telephones.IPO LIC R6 AV IP
ENDPOINT 5$350.00 229447Enables the use of 20 Avaya IP telephones.IPO LIC R6 AV IP
ENDPOINT 20$1,245.00

and don't forget to VCM's in the system too.

W.K. ‘Kirk’ Kirk | Avaya | Technical Support Engineer|Technical Support and Proposal Management – SME Pre-Sales Support
Highlands Ranch, CO 80129 | Voice: 1-888-297-4700 | [email protected]

Thanks to tlpeter

The vpn software is different from the 56xx series which needs special vpn firmware.
The 96xx phones do not need any other firmware but you just need to enable it.
Disabling the vpn option is also possible but removing is not a default option.

Here a how to enable,disable and remove it.


Enable the vpn option

Open the 46xxsettings.txt and add the next lines:

CODE

IF $GROUP SEQ 0 GOTO NO96XXVPN

IF $GROUP SEQ 876 GOTO 96XXVPN

# 96XXVPN
GET 96xxvpn.txt

# NO96XXVPN

SET NVVPNMODE 0

SET VPNPROC 0



Then make a new file called: 96xxvpn.txt

Put in the next lines and change as needed:

CODE

################################################## #
## VPN Mode
## 0: Disabled, 1: Enabled.
################################################## #

SET NVVPNMODE 1

################################################## #
## Vendor.
## 1: Juniper/Netscreen, 2. Cisco
## 3: CheckPoint/ Nokia 4: Other
## 5: Nortel.
################################################## #

SET NVVPNSVENDOR 1

################################################## #
## Encapsulation Type.
## 0: 4500-4500, 1: Disabled
## 2: 2070-500, 3: ?
## 4: RFC (500-500)
################################################## #

SET NVVPNENCAPS 0

################################################## #
## Copy TOS.
## 1: Yes, 2: No
################################################## #

SET NVVPNCOPYTOS 2
################################################## #
## Authentication Type.
##
## [For Cisco/Juniper/Checkpoint/Other]
## 3: PSK, 4: PSK with Xauth
## 5: RSA signatures with Xauth, 6: Hybrid Xauth
## 7: RSA signatures.
##
## [Nortel Authentication Type]
## 1: Local credentials, 2: Radius Credentials.
## 3: Radius SecureID, 4: Radius Axent.
################################################## #

SET NVVPNAUTHTYPE 5
################################################## #
## VPN User Type.
## 1: Any, 2: User
################################################## #

SET NVVPNUSERTYPE 1
################################################## #
## VPN User name.
################################################## #

SET NVVPNUSER mscep1
################################################## #
## Password Type.
## 1: Save in Flash, 2: Erase on reset
## 3: Numeric OTP, 4: Alpha-Numeric OTP
## 5: Erase on VPN termination.
################################################## #

SET NVVPNPSWDTYPE 1
################################################## #
## User Password.
################################################## #

SET NVVPNPSWD mscep1
################################################## #
## IKE ID (Group Name).
################################################## #

SET NVIKEID mscep
################################################## #
## IKE ID Type.
## 1: IPv4_ADDR, 2: FQDN
## 3: USER_FQDN, 9: DER_ASN1_DN
## 11: Key ID
################################################## #

SET NVIKEIDTYPE 11
################################################## #
## IKE Xchg Mode.
## 1: Aggressive, 2: Identity Protect.
################################################## #

SET NVIKEXCHGMODE 2
################################################## #
## IKE DH Group.
################################################## #

SET NVIKEDHGRP 2
################################################## #
## IKE Encryption Algo.
## 1: AES-128, 2: 3DES
## 3: DEs 4: AEs-192
## 5: AES-256 0: Any
################################################## #

SET NVIKEP1ENCALG 0
################################################## #
## IKE Auth algo.
## 0: Any, 1: MD5
## 2: sHA-1
################################################## #

SET NVIKEP1AUTHALG 0
################################################## #
## IKE Config Mode.
## 0: Enabled, 1: Disabled.
################################################## #

SET NVIKECONFIGMODE 0
################################################## #
## IPsec PFS DH group.
################################################## #

SET NVPFSDHGRP 2
################################################## #
## IPsec Encryption Algo.
## 1: AES-128, 2: 3DES
## 3: DEs 4: AEs-192
## 5: AES-256 6: None
## 0: Any
################################################## #

SET NVIKEP2ENCALG 0
################################################## #
## IPsec Authentication Algo.
## 0: Any, 1: MD5
## 2: sHA-1
################################################## #

SET NVIKEP2AUTHALG 0
################################################## #
## Protected Network.
################################################## #

## SET NVIPSECSUBNET 0.0.0.0/0, 0.0.0.0/0
################################################## #
## IKE Over TCP.
## 0: Never, 1: Auto
## 2: Always
################################################## #

SET NVIKEOVERTCP 0
################################################## #
## Craft access
## 0: Enabled, 1: only view option is available?
################################################## #

SET PROCSTAT 0
################################################## #
## VPN craft access
## 0: disabled, 1: view only
## 2: View and edit.
################################################## #

SET VPNPROC 2
################################################## #
## Call Server address
################################################## #

SET MCIPADD 192.168.42.1

################################################## #
## craft access code
################################################## #

SET PROCPSWD 27238

################################################## #
## VPN craft access code
################################################## #

# END



Put both files on your fileserver that is used by the IP Office.

Then press "mute" and type "craft"
Go to the option "group" and type 876 and save it.

The phone will boot up with the vpn option enabled with the settings set in the 96xxvpn.txt file
It still needs the gatekeeper IP address wich is the external IP address of the vpn router.


Disable the vpn option

To disable the vpn on a 96xx phone go in to the menu and then VPN settings.
By just disable the vpn mode it is usable as a normal phone.


Remove the vpn option

To remove the vpn option at all you need to do is change the group back to 0.

After a reboot of the phone the vpn option is gone.

Good luck
Thanks to tlpeter

Do you know where this information came from other than tlpeter? Is it in an application note or a installation guide?

Kirk, there is NO documentation yet for 96xx phones, much less VPN. TLpeter works for a distributor over the pond, and I think may have gotten this from the CM info.

There is no docs that I can find for anything 96xx and IPO.

Also, I am just getting started on configuring a VPN 9620C, on a netgear FVS 338.

The problem with the 96xx is they dont use a virtual IP once connected to the VPN and local lan. I created a default route for my subnet (0.0.0.0, 0.0.0.0, 192.168.5.1, LAN1) Which worked intiitally, but after a few hours, reverted back to "Discover 192.168.5.2", which I have not had a chance to troubleshoot yet. Just an FYI.

I have succesfully connected a 9650 and 9620 to a netgear fvx 336.

You can just enable the VPN on the phone and enable it with the 46xxsettings.txt file.
Then you can enter all settings manualy like you can on a 46xx or a 56xx phone.

You can also do it with the 46xxsettings.txt file or make a separate text file like i did.
With mutiple VPN phones this will save you a lot of time.

I am tlpeter by the way (on Tek-tips and the Avaya users forum)

Here is a document how to setup a 96xx phone for VPN:

Thanks for all the help everywhere.

What do you do for the "virtual" ip of the phone? Default IP route?

I have used the corresponding ip address in the vpn policy.

Peter, pm me. I have a non post related question.

Thanks for the information, I just got an e-notification about a new 46xxsettings.txt file. Not sure if this will help or not. So FYI only.



The 46xxsettings.txt file is used to specify certain system parameters. It is used by all 1600, 16CC, 3600, 4600 and 9600 IP & SIP Telephones. The latest version of the 46xxsettings.txt file has been updated to include new parameters used by the 1600, 16CC, 3600, 4600 and 9600 IP & SIP Telephones.
IMPORTANT: There are TWO 46xxsettings.txt files for these products. Make sure you download and use the correct file for your product and release.

Hello guys I’ve try to change my 9630G phone I done all of the above yet my does not give a option for VPN any suggestion would be appreciated
thanks

Put this in your 46xxsettings.txt file.


IF $GROUP SEQ 0 GOTO NO96XXVPN

IF $GROUP SEQ 876 GOTO 96XXVPN

# 96XXVPN

################################################## #
## VPN Mode
## 0: Disabled, 1: Enabled.
################################################## #

SET NVVPNMODE 1

################################################## #
## Craft access
## 0: Enabled, 1: only view option is available?
################################################## #

SET PROCSTAT 0

################################################## #
## craft access code
################################################## #

SET PROCPSWD 27238

################################################## #
## VPN craft access
## 0: disabled, 1: view only
## 2: View and edit.
################################################## #

SET VPNPROC 2

# NO96XXVPN


Then enter the craft menu and set the group to 876 instead of 0
Tehn reboot the phone and it will pull the 46xxsettings again but now it allows you to enable the VPN option.