96XX VPN Mode

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • deville
    Member
    • Feb 2010
    • 8

    96XX VPN Mode

    Hi,

    I'm trying to configure a 9640 phone in VPN Mode.
    Does someone have a procedure to configure 96XX phones on IPO?
    I found many Tech Tips for 46xx phones but not for 96xx.
    I tried to use Communication Manager documentation but ... it's quiet difficult to understand.

    My first idea was to manually configure VPN parameters using the phone's configuration menu (craft menu), but in VPN menu I can't change any field.

    My second idea was to use 46xxsettings file but I just want one phone to work in VPN mode, not the other...

    Maybe someone can guide me to the right direction ?

    Thanks.

    Nicolas
  • pwawre
    Member
    .
    • Mar 2010
    • 8

    #2
    Document for configuring 96xx series phone for VPN

    Hi,Mentioning the link where we have a document for configuring VPN on 96xx series phones which is quite simpler to understand.http://support.avaya.com/css/P8/documents/100068662Its also mentioned that how do we change the VPN options on the phones screen.

    Comment

    • juanluis
      Aspiring Member
      • Aug 2010
      • 1

      #3
      96XX VPN Remote

      Hi




      Someone could say whether to activate the Remote VPN in an IPO 500 V2 R6.0 requires a license END POINT?

      Comment

      • wkirk
        Brainiac
        .
        • May 2010
        • 61

        #4
        VPN Remote

        Yes on R6 any Avaya IP Endpoint requires an Avaya IP Endpoint RFA:

        R6 IP Telephone RFA229444Enables the use of one Avaya IP telephone.IPO LIC R6 AV IP
        ENDPOINT 1
        $75.00 229445Enables the use of 5 Avaya IP telephones.IPO LIC R6 AV IP
        ENDPOINT 5
        $350.00 229447Enables the use of 20 Avaya IP telephones.IPO LIC R6 AV IP
        ENDPOINT 20
        $1,245.00

        and don't forget to VCM's in the system too.

        Kirk
        W.K. ‘Kirk’ Kirk | Avaya | Technical Support Engineer|Technical Support and Proposal Management – SME Pre-Sales Support
        Highlands Ranch, CO 80129 | Voice: 1-888-297-4700 | [email protected]

        Comment

        • mongo5150
          Hot Shot
          • Sep 2010
          • 10

          #5
          Thanks to tlpeter

          The vpn software is different from the 56xx series which needs special vpn firmware.
          The 96xx phones do not need any other firmware but you just need to enable it.
          Disabling the vpn option is also possible but removing is not a default option.

          Here a how to enable,disable and remove it.


          Enable the vpn option

          Open the 46xxsettings.txt and add the next lines:

          CODE

          IF $GROUP SEQ 0 GOTO NO96XXVPN

          IF $GROUP SEQ 876 GOTO 96XXVPN

          # 96XXVPN
          GET 96xxvpn.txt

          # NO96XXVPN

          SET NVVPNMODE 0

          SET VPNPROC 0



          Then make a new file called: 96xxvpn.txt

          Put in the next lines and change as needed:

          CODE

          ################################################## #
          ## VPN Mode
          ## 0: Disabled, 1: Enabled.
          ################################################## #

          SET NVVPNMODE 1

          ################################################## #
          ## Vendor.
          ## 1: Juniper/Netscreen, 2. Cisco
          ## 3: CheckPoint/ Nokia 4: Other
          ## 5: Nortel.
          ################################################## #

          SET NVVPNSVENDOR 1

          ################################################## #
          ## Encapsulation Type.
          ## 0: 4500-4500, 1: Disabled
          ## 2: 2070-500, 3: ?
          ## 4: RFC (500-500)
          ################################################## #

          SET NVVPNENCAPS 0

          ################################################## #
          ## Copy TOS.
          ## 1: Yes, 2: No
          ################################################## #

          SET NVVPNCOPYTOS 2
          ################################################## #
          ## Authentication Type.
          ##
          ## [For Cisco/Juniper/Checkpoint/Other]
          ## 3: PSK, 4: PSK with Xauth
          ## 5: RSA signatures with Xauth, 6: Hybrid Xauth
          ## 7: RSA signatures.
          ##
          ## [Nortel Authentication Type]
          ## 1: Local credentials, 2: Radius Credentials.
          ## 3: Radius SecureID, 4: Radius Axent.
          ################################################## #

          SET NVVPNAUTHTYPE 5
          ################################################## #
          ## VPN User Type.
          ## 1: Any, 2: User
          ################################################## #

          SET NVVPNUSERTYPE 1
          ################################################## #
          ## VPN User name.
          ################################################## #

          SET NVVPNUSER mscep1
          ################################################## #
          ## Password Type.
          ## 1: Save in Flash, 2: Erase on reset
          ## 3: Numeric OTP, 4: Alpha-Numeric OTP
          ## 5: Erase on VPN termination.
          ################################################## #

          SET NVVPNPSWDTYPE 1
          ################################################## #
          ## User Password.
          ################################################## #

          SET NVVPNPSWD mscep1
          ################################################## #
          ## IKE ID (Group Name).
          ################################################## #

          SET NVIKEID mscep
          ################################################## #
          ## IKE ID Type.
          ## 1: IPv4_ADDR, 2: FQDN
          ## 3: USER_FQDN, 9: DER_ASN1_DN
          ## 11: Key ID
          ################################################## #

          SET NVIKEIDTYPE 11
          ################################################## #
          ## IKE Xchg Mode.
          ## 1: Aggressive, 2: Identity Protect.
          ################################################## #

          SET NVIKEXCHGMODE 2
          ################################################## #
          ## IKE DH Group.
          ################################################## #

          SET NVIKEDHGRP 2
          ################################################## #
          ## IKE Encryption Algo.
          ## 1: AES-128, 2: 3DES
          ## 3: DEs 4: AEs-192
          ## 5: AES-256 0: Any
          ################################################## #

          SET NVIKEP1ENCALG 0
          ################################################## #
          ## IKE Auth algo.
          ## 0: Any, 1: MD5
          ## 2: sHA-1
          ################################################## #

          SET NVIKEP1AUTHALG 0
          ################################################## #
          ## IKE Config Mode.
          ## 0: Enabled, 1: Disabled.
          ################################################## #

          SET NVIKECONFIGMODE 0
          ################################################## #
          ## IPsec PFS DH group.
          ################################################## #

          SET NVPFSDHGRP 2
          ################################################## #
          ## IPsec Encryption Algo.
          ## 1: AES-128, 2: 3DES
          ## 3: DEs 4: AEs-192
          ## 5: AES-256 6: None
          ## 0: Any
          ################################################## #

          SET NVIKEP2ENCALG 0
          ################################################## #
          ## IPsec Authentication Algo.
          ## 0: Any, 1: MD5
          ## 2: sHA-1
          ################################################## #

          SET NVIKEP2AUTHALG 0
          ################################################## #
          ## Protected Network.
          ################################################## #

          ## SET NVIPSECSUBNET 0.0.0.0/0, 0.0.0.0/0
          ################################################## #
          ## IKE Over TCP.
          ## 0: Never, 1: Auto
          ## 2: Always
          ################################################## #

          SET NVIKEOVERTCP 0
          ################################################## #
          ## Craft access
          ## 0: Enabled, 1: only view option is available?
          ################################################## #

          SET PROCSTAT 0
          ################################################## #
          ## VPN craft access
          ## 0: disabled, 1: view only
          ## 2: View and edit.
          ################################################## #

          SET VPNPROC 2
          ################################################## #
          ## Call Server address
          ################################################## #

          SET MCIPADD 192.168.42.1

          ################################################## #
          ## craft access code
          ################################################## #

          SET PROCPSWD 27238

          ################################################## #
          ## VPN craft access code
          ################################################## #

          # END



          Put both files on your fileserver that is used by the IP Office.

          Then press "mute" and type "craft"
          Go to the option "group" and type 876 and save it.

          The phone will boot up with the vpn option enabled with the settings set in the 96xxvpn.txt file
          It still needs the gatekeeper IP address wich is the external IP address of the vpn router.


          Disable the vpn option

          To disable the vpn on a 96xx phone go in to the menu and then VPN settings.
          By just disable the vpn mode it is usable as a normal phone.


          Remove the vpn option

          To remove the vpn option at all you need to do is change the group back to 0.

          After a reboot of the phone the vpn option is gone.

          Good luck
          Thanks to tlpeter

          Comment

          • wkirk
            Brainiac
            .
            • May 2010
            • 61

            #6
            Do you know where this information came from other than tlpeter? Is it in an application note or a installation guide?

            Comment

            • mongo5150
              Hot Shot
              • Sep 2010
              • 10

              #7
              Kirk, there is NO documentation yet for 96xx phones, much less VPN. TLpeter works for a distributor over the pond, and I think may have gotten this from the CM info.

              There is no docs that I can find for anything 96xx and IPO.

              Also, I am just getting started on configuring a VPN 9620C, on a netgear FVS 338.

              The problem with the 96xx is they dont use a virtual IP once connected to the VPN and local lan. I created a default route for my subnet (0.0.0.0, 0.0.0.0, 192.168.5.1, LAN1) Which worked intiitally, but after a few hours, reverted back to "Discover 192.168.5.2", which I have not had a chance to troubleshoot yet. Just an FYI.
              Last edited by mongo5150; 09-03-2010, 11:25 AM.

              Comment

              • ista6
                Whiz
                • Feb 2010
                • 35

                #8
                I have succesfully connected a 9650 and 9620 to a netgear fvx 336.

                You can just enable the VPN on the phone and enable it with the 46xxsettings.txt file.
                Then you can enter all settings manualy like you can on a 46xx or a 56xx phone.

                You can also do it with the 46xxsettings.txt file or make a separate text file like i did.
                With mutiple VPN phones this will save you a lot of time.

                I am tlpeter by the way (on Tek-tips and the Avaya users forum)
                Last edited by ista6; 09-04-2010, 05:46 AM.
                Honey, i fried the IP Office!!!!

                Comment

                • ista6
                  Whiz
                  • Feb 2010
                  • 35

                  #9
                  Here is a document how to setup a 96xx phone for VPN:

                  Honey, i fried the IP Office!!!!

                  Comment

                  • mongo5150
                    Hot Shot
                    • Sep 2010
                    • 10

                    #10
                    Thanks for all the help everywhere.

                    What do you do for the "virtual" ip of the phone? Default IP route?

                    Comment

                    • ista6
                      Whiz
                      • Feb 2010
                      • 35

                      #11
                      I have used the corresponding ip address in the vpn policy.
                      Honey, i fried the IP Office!!!!

                      Comment

                      • mongo5150
                        Hot Shot
                        • Sep 2010
                        • 10

                        #12
                        Peter, pm me. I have a non post related question.

                        Comment

                        • wkirk
                          Brainiac
                          .
                          • May 2010
                          • 61

                          #13
                          Thanks for the information, I just got an e-notification about a new 46xxsettings.txt file. Not sure if this will help or not. So FYI only.



                          The 46xxsettings.txt file is used to specify certain system parameters. It is used by all 1600, 16CC, 3600, 4600 and 9600 IP & SIP Telephones. The latest version of the 46xxsettings.txt file has been updated to include new parameters used by the 1600, 16CC, 3600, 4600 and 9600 IP & SIP Telephones.
                          IMPORTANT: There are TWO 46xxsettings.txt files for these products. Make sure you download and use the correct file for your product and release.

                          Comment

                          • joserod
                            Aspiring Member
                            • Oct 2010
                            • 1

                            #14
                            Hello guys I’ve try to change my 9630G phone I done all of the above yet my does not give a option for VPN any suggestion would be appreciated
                            thanks

                            Comment

                            • ista6
                              Whiz
                              • Feb 2010
                              • 35

                              #15
                              Put this in your 46xxsettings.txt file.


                              IF $GROUP SEQ 0 GOTO NO96XXVPN

                              IF $GROUP SEQ 876 GOTO 96XXVPN

                              # 96XXVPN

                              ################################################## #
                              ## VPN Mode
                              ## 0: Disabled, 1: Enabled.
                              ################################################## #

                              SET NVVPNMODE 1

                              ################################################## #
                              ## Craft access
                              ## 0: Enabled, 1: only view option is available?
                              ################################################## #

                              SET PROCSTAT 0

                              ################################################## #
                              ## craft access code
                              ################################################## #

                              SET PROCPSWD 27238

                              ################################################## #
                              ## VPN craft access
                              ## 0: disabled, 1: view only
                              ## 2: View and edit.
                              ################################################## #

                              SET VPNPROC 2

                              # NO96XXVPN


                              Then enter the craft menu and set the group to 876 instead of 0
                              Tehn reboot the phone and it will pull the 46xxsettings again but now it allows you to enable the VPN option.
                              Honey, i fried the IP Office!!!!

                              Comment

                              Loading