Avaya Support Forums  

Go Back   Avaya Support Forums > Small and Medium Business Communications

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 06-28-2010, 08:49 AM
deville deville is offline
Member
 
Join Date: Feb 2010
Posts: 8
deville has 10 reputation points
Default 96XX VPN Mode

Hi,

I'm trying to configure a 9640 phone in VPN Mode.
Does someone have a procedure to configure 96XX phones on IPO?
I found many Tech Tips for 46xx phones but not for 96xx.
I tried to use Communication Manager documentation but ... it's quiet difficult to understand.

My first idea was to manually configure VPN parameters using the phone's configuration menu (craft menu), but in VPN menu I can't change any field.

My second idea was to use 46xxsettings file but I just want one phone to work in VPN mode, not the other...

Maybe someone can guide me to the right direction ?

Thanks.

Nicolas
Reply With Quote
  #2  
Old 06-30-2010, 02:25 AM
pwawre pwawre is offline
Member
.
 
Join Date: Mar 2010
Posts: 8
pwawre has 10 reputation points
Default Document for configuring 96xx series phone for VPN

Hi,Mentioning the link where we have a document for configuring VPN on 96xx series phones which is quite simpler to understand.http://support.avaya.com/css/P8/documents/100068662Its also mentioned that how do we change the VPN options on the phones screen.
Reply With Quote
  #3  
Old 08-25-2010, 06:08 PM
juanluis juanluis is offline
Aspiring Member
 
Join Date: Aug 2010
Posts: 1
juanluis has 10 reputation points
Post 96XX VPN Remote

Hi




Someone could say whether to activate the Remote VPN in an IPO 500 V2 R6.0 requires a license END POINT?
Reply With Quote
  #4  
Old 08-26-2010, 06:19 AM
wkirk's Avatar
wkirk wkirk is offline
Brainiac
.
 
Join Date: May 2010
Location: Highlands Ranch
Posts: 51
wkirk has 10 reputation points
Default VPN Remote

Yes on R6 any Avaya IP Endpoint requires an Avaya IP Endpoint RFA:

R6 IP Telephone RFA229444Enables the use of one Avaya IP telephone.IPO LIC R6 AV IP
ENDPOINT 1
$75.00 229445Enables the use of 5 Avaya IP telephones.IPO LIC R6 AV IP
ENDPOINT 5
$350.00 229447Enables the use of 20 Avaya IP telephones.IPO LIC R6 AV IP
ENDPOINT 20
$1,245.00

and don't forget to VCM's in the system too.

Kirk
W.K. ‘Kirk’ Kirk | Avaya | Technical Support Engineer|Technical Support and Proposal Management – SME Pre-Sales Support
Highlands Ranch, CO 80129 | Voice: 1-888-297-4700 | technictr@avaya.com
Reply With Quote
  #5  
Old 09-02-2010, 04:12 AM
mongo5150's Avatar
mongo5150 mongo5150 is offline
Hot Shot
 
Join Date: Sep 2010
Posts: 10
mongo5150 has 10 reputation points
Default

Thanks to tlpeter

The vpn software is different from the 56xx series which needs special vpn firmware.
The 96xx phones do not need any other firmware but you just need to enable it.
Disabling the vpn option is also possible but removing is not a default option.

Here a how to enable,disable and remove it.


Enable the vpn option

Open the 46xxsettings.txt and add the next lines:

CODE

IF $GROUP SEQ 0 GOTO NO96XXVPN

IF $GROUP SEQ 876 GOTO 96XXVPN

# 96XXVPN
GET 96xxvpn.txt

# NO96XXVPN

SET NVVPNMODE 0

SET VPNPROC 0



Then make a new file called: 96xxvpn.txt

Put in the next lines and change as needed:

CODE

################################################## #
## VPN Mode
## 0: Disabled, 1: Enabled.
################################################## #

SET NVVPNMODE 1

################################################## #
## Vendor.
## 1: Juniper/Netscreen, 2. Cisco
## 3: CheckPoint/ Nokia 4: Other
## 5: Nortel.
################################################## #

SET NVVPNSVENDOR 1

################################################## #
## Encapsulation Type.
## 0: 4500-4500, 1: Disabled
## 2: 2070-500, 3: ?
## 4: RFC (500-500)
################################################## #

SET NVVPNENCAPS 0

################################################## #
## Copy TOS.
## 1: Yes, 2: No
################################################## #

SET NVVPNCOPYTOS 2
################################################## #
## Authentication Type.
##
## [For Cisco/Juniper/Checkpoint/Other]
## 3: PSK, 4: PSK with Xauth
## 5: RSA signatures with Xauth, 6: Hybrid Xauth
## 7: RSA signatures.
##
## [Nortel Authentication Type]
## 1: Local credentials, 2: Radius Credentials.
## 3: Radius SecureID, 4: Radius Axent.
################################################## #

SET NVVPNAUTHTYPE 5
################################################## #
## VPN User Type.
## 1: Any, 2: User
################################################## #

SET NVVPNUSERTYPE 1
################################################## #
## VPN User name.
################################################## #

SET NVVPNUSER mscep1
################################################## #
## Password Type.
## 1: Save in Flash, 2: Erase on reset
## 3: Numeric OTP, 4: Alpha-Numeric OTP
## 5: Erase on VPN termination.
################################################## #

SET NVVPNPSWDTYPE 1
################################################## #
## User Password.
################################################## #

SET NVVPNPSWD mscep1
################################################## #
## IKE ID (Group Name).
################################################## #

SET NVIKEID mscep
################################################## #
## IKE ID Type.
## 1: IPv4_ADDR, 2: FQDN
## 3: USER_FQDN, 9: DER_ASN1_DN
## 11: Key ID
################################################## #

SET NVIKEIDTYPE 11
################################################## #
## IKE Xchg Mode.
## 1: Aggressive, 2: Identity Protect.
################################################## #

SET NVIKEXCHGMODE 2
################################################## #
## IKE DH Group.
################################################## #

SET NVIKEDHGRP 2
################################################## #
## IKE Encryption Algo.
## 1: AES-128, 2: 3DES
## 3: DEs 4: AEs-192
## 5: AES-256 0: Any
################################################## #

SET NVIKEP1ENCALG 0
################################################## #
## IKE Auth algo.
## 0: Any, 1: MD5
## 2: sHA-1
################################################## #

SET NVIKEP1AUTHALG 0
################################################## #
## IKE Config Mode.
## 0: Enabled, 1: Disabled.
################################################## #

SET NVIKECONFIGMODE 0
################################################## #
## IPsec PFS DH group.
################################################## #

SET NVPFSDHGRP 2
################################################## #
## IPsec Encryption Algo.
## 1: AES-128, 2: 3DES
## 3: DEs 4: AEs-192
## 5: AES-256 6: None
## 0: Any
################################################## #

SET NVIKEP2ENCALG 0
################################################## #
## IPsec Authentication Algo.
## 0: Any, 1: MD5
## 2: sHA-1
################################################## #

SET NVIKEP2AUTHALG 0
################################################## #
## Protected Network.
################################################## #

## SET NVIPSECSUBNET 0.0.0.0/0, 0.0.0.0/0
################################################## #
## IKE Over TCP.
## 0: Never, 1: Auto
## 2: Always
################################################## #

SET NVIKEOVERTCP 0
################################################## #
## Craft access
## 0: Enabled, 1: only view option is available?
################################################## #

SET PROCSTAT 0
################################################## #
## VPN craft access
## 0: disabled, 1: view only
## 2: View and edit.
################################################## #

SET VPNPROC 2
################################################## #
## Call Server address
################################################## #

SET MCIPADD 192.168.42.1

################################################## #
## craft access code
################################################## #

SET PROCPSWD 27238

################################################## #
## VPN craft access code
################################################## #

# END



Put both files on your fileserver that is used by the IP Office.

Then press "mute" and type "craft"
Go to the option "group" and type 876 and save it.

The phone will boot up with the vpn option enabled with the settings set in the 96xxvpn.txt file
It still needs the gatekeeper IP address wich is the external IP address of the vpn router.


Disable the vpn option

To disable the vpn on a 96xx phone go in to the menu and then VPN settings.
By just disable the vpn mode it is usable as a normal phone.


Remove the vpn option

To remove the vpn option at all you need to do is change the group back to 0.

After a reboot of the phone the vpn option is gone.

Good luck
Thanks to tlpeter
Reply With Quote
  #6  
Old 09-03-2010, 07:08 AM
wkirk's Avatar
wkirk wkirk is offline
Brainiac
.
 
Join Date: May 2010
Location: Highlands Ranch
Posts: 51
wkirk has 10 reputation points
Default

Do you know where this information came from other than tlpeter? Is it in an application note or a installation guide?
Reply With Quote
  #7  
Old 09-03-2010, 11:14 AM
mongo5150's Avatar
mongo5150 mongo5150 is offline
Hot Shot
 
Join Date: Sep 2010
Posts: 10
mongo5150 has 10 reputation points
Default

Kirk, there is NO documentation yet for 96xx phones, much less VPN. TLpeter works for a distributor over the pond, and I think may have gotten this from the CM info.

There is no docs that I can find for anything 96xx and IPO.

Also, I am just getting started on configuring a VPN 9620C, on a netgear FVS 338.

The problem with the 96xx is they dont use a virtual IP once connected to the VPN and local lan. I created a default route for my subnet (0.0.0.0, 0.0.0.0, 192.168.5.1, LAN1) Which worked intiitally, but after a few hours, reverted back to "Discover 192.168.5.2", which I have not had a chance to troubleshoot yet. Just an FYI.

Last edited by mongo5150; 09-03-2010 at 11:25 AM.
Reply With Quote
  #8  
Old 09-04-2010, 05:43 AM
ista6's Avatar
ista6 ista6 is offline
Whiz
 
Join Date: Feb 2010
Location: Netherlands
Posts: 35
ista6 has 10 reputation points
Default

I have succesfully connected a 9650 and 9620 to a netgear fvx 336.

You can just enable the VPN on the phone and enable it with the 46xxsettings.txt file.
Then you can enter all settings manualy like you can on a 46xx or a 56xx phone.

You can also do it with the 46xxsettings.txt file or make a separate text file like i did.
With mutiple VPN phones this will save you a lot of time.

I am tlpeter by the way (on Tek-tips and the Avaya users forum)
__________________
Honey, i fried the IP Office!!!!

Last edited by ista6; 09-04-2010 at 05:46 AM.
Reply With Quote
  #9  
Old 09-04-2010, 06:04 AM
ista6's Avatar
ista6 ista6 is offline
Whiz
 
Join Date: Feb 2010
Location: Netherlands
Posts: 35
ista6 has 10 reputation points
Default

Here is a document how to setup a 96xx phone for VPN:

http://support.avaya.com/css/P8/documents/100068662
__________________
Honey, i fried the IP Office!!!!
Reply With Quote
  #10  
Old 09-06-2010, 05:21 PM
mongo5150's Avatar
mongo5150 mongo5150 is offline
Hot Shot
 
Join Date: Sep 2010
Posts: 10
mongo5150 has 10 reputation points
Default

Thanks for all the help everywhere.

What do you do for the "virtual" ip of the phone? Default IP route?
Reply With Quote
Reply

Tags
9640, ipo, vpn

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 06:48 PM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.