• May 22, 2012, 10:24:09 PM

Topic: VPN Client in 11xxE Phones NATed to Avaya 4134 VPN Router Issues

cflynt
Hello,

Sorry if this is discussed somewhere already; I was gonna reply to an existing thread but it recommended I start a new one. We have an Avaya 4134 Secure VPN Router that we are WANTING to tie remote users to via the built-in client in the Avaya 1140E/1165E phones. This seems to connect up just fine if we plug the phone straight into the cable/DSL modem with no NAT device in between. But that isn't a solution, unfortunately, due to the user needing to VPN their PC as well! As soon as we put the user-side NAT router in between, it no longer establishes the VPN tunnel. I have opened a ticket with our vendor for some help but haven't heard back yet, so I thought I would inquire in here if there are any tips. I have tried 3 different routers on the user side. Obviously it isn't a real solution to go with a heftier user-side router; I am trying to accomplish this with normal SOHO routers by Cisco/Linksys/Netgear etc. I do have IPSec Passthrough enabled. I have tried forwarding UDP port 500 to the phone, and the phone is in a DMZ. All to no establishment! Hopefully someone has been down this path before and has some ideas. The network engineers that helped on the Avaya VPN Router say that it is all set up to the best of their ability, and that NAT is always an issue they have fought. So there might not be a solution, but it seems kinda pointless to have a VPN client in the phone if not! :)

Thanks for any response.

Chad


Michael McNamara
Re: VPN Client in 11xxE Phones NATed to Avaya 4134 VPN Router Issues
« Reply #1 on: October 27, 2011, 09:53:28 PM »
Hi Chad and welcome to the forums!

I've successfully run the UVC (UNIStim VPN Client) on an 1165E over a home Verizon FiOS Internet connection which was using a Verizon Actiontec router. I didn't have to make any changes to the Verizon Actiontec router but I did need to have NAT traversal (UDP encapsulation) enabled on the Avaya VPN Router (formerly Contivity) 1750.

You're trying to terminate this connection on an Avaya 4134 Secure Router... do you have access to an Avaya VPN Router?

A few quick thoughts... you realize that the traffic to the PC port will not be encrypted, just the voice traffic to/from the Call Server. Also, there can be issues trying to run multiple IPSec VPNs from the same network/router at the same time, which it sounds like you are trying to do. Is the user making a VPN connection to the same Avaya 4134 Secure Router? That might be a problem... not sure the router can identify the multiple connections since they are all being encapsulated to the same UDP port.

Have you reviewed this document?
http://support.avaya.com/css/P8/documents/100122496

Good Luck!

cflynt
Re: VPN Client in 11xxE Phones NATed to Avaya 4134 VPN Router Issues
« Reply #2 on: October 27, 2011, 10:44:11 PM »
Thanks so much for your reply. To answer some of your questions: we actually have, if I recall correctly, a Nortel/Avaya 2750 Router we originally bought to test this out. But it got sat on for a long time, and when we decided to touch base on things again we were going to add licenses to it and I found out it was MD'd. We could still add the licenses, but what we want is to put a router in each of our Contact Center offices and I wanted the same platform, so I asked for the replacement, and what I was told to get is the 4134 with the VPN Module. Just to touch on the 2750, we had it working just fine from all my tests over NAT, no problem. But with the 4134 we haven't been able to yet.

As far as running multiple IPSec VPNs, we are a Cisco shop for networking, and we use Cisco SSL VPN for the laptops coming in. So I wouldn't think there would be any conflict running the two. So definitely not running the laptop through the phone; I was fully aware that it wouldn't work from the get-go. But thank you for making sure! :)

I have actually glanced at that BCM document. I am not the network guy but did look through it, and I will pass it on to the network guy to see if he sees anything stand out. But they are wanting some samples instead of just trying things. I did pass our config and some logs from the phone on to a vendor, which is planning on passing them on to Avaya to take a look. I am gonna try and see if I can put a packet capture on; it's been a while since I have. But I am open to any ideas. I wish they wouldn't have MD'd the 2750; it seemed to work fine. But wanting all the same platform, it didn't sound like they replaced it with anything.

Thanks again for your reply.

Chad
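
For the packet capture mentioned in this thread, an added example (not written by either poster, and not Avaya code) that labels UDP payloads by the RFC 3947/3948 layout to show whether IKE ever moved from UDP 500 to UDP-encapsulated traffic on 4500. The function names, return labels and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4   # precedes IKE on 4500 (RFC 3948)

def parse_ike_header(data):
    """Return (major_version, exchange_type) if data starts with a 28-byte IKE header."""
    if len(data) < 28:
        return None
    version, exchange, _flags, _msgid, length = struct.unpack("!BBBII", data[17:28])
    if version >> 4 not in (1, 2) or length < 28:
        return None
    return version >> 4, exchange

def classify(sport, dport, payload):
    """Label one UDP payload; either port is checked because NAT may rewrite the source."""
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt" if parse_ike_header(payload[4:]) else "unknown"
        return "esp-in-udp" if len(payload) >= 8 else "unknown"
    if IKE_PORT in (sport, dport):
        return "ike" if parse_ike_header(payload) else "unknown"
    return "other"

def diagnose(packets):
    """Summarise how far NAT traversal got for a list of (sport, dport, payload)."""
    seen = Counter(classify(*p) for p in packets)
    if seen["esp-in-udp"]:
        return "natt-active"      # ESP is UDP-encapsulated on 4500
    if seen["ike-natt"]:
        return "floated-no-esp"   # IKE moved to 4500, no tunnel traffic yet
    if seen["ike"]:
        return "ike-500-only"     # IKE never left 500: NAT-T not negotiated
    return "no-ike"

def _ike(exchange):
    """Constructed IKEv1 header: SPIs, next payload, version 1.0, exchange, flags, id, length."""
    return b"\x11" * 8 + bytes(8) + bytes([1, 0x10, exchange, 0]) + struct.pack("!II", 0, 28)

# Constructed sample captures (not taken from the thread).
STUCK = [(1024, 500, _ike(4)), (500, 1024, _ike(4))]
WORKING = STUCK + [(4500, 4500, NON_ESP_MARKER + _ike(4)),
                   (4500, 4500, b"\x12\x34\x56\x78" + bytes(20)),
                   (4500, 4500, b"\xff")]

if __name__ == "__main__":
    print(diagnose(STUCK), diagnose(WORKING))
```

A result of `ike-500-only` on a capture taken behind the home router points at NAT traversal not being negotiated between the phone and the VPN router, which is the setting Reply #1 says had to be enabled.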