• November 23, 2020, 11:12:55 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: VPN hardware recommendations for remote 1140e phones  (Read 4988 times)

0 Members and 1 Guest are viewing this topic.

Offline johnnyorange

  • Rookie
  • **
  • Posts: 5
VPN hardware recommendations for remote 1140e phones
« on: August 01, 2014, 04:27:52 PM »
Hi everybody

A long time dream of all of us here at our small company has been for them to take home an 1140e, plug it into their home network and register with our CS1000 7.5.  (Yes, we have the UVC licenses on all the phones).

After poring over this site and the internet, it seems to me my options to get this to work are rather limited.

I could get an SR2330, stick it in the DMZ of our network and have the phones connect to that and then onward into the CS1000.

Initially I was looking into 1740/1750 routers on ebay.  Then i saw some documentation about getting a cisco asa 5515 to work as a VPN target for the 1140s.

Im kinda incredulous as to the cost of the 2330 considering that this solutions is ONLY going to be used for the 1140e phones, and the reason I have to use it is some weird methodology that Nortel/Avaya uses to get the phones to register via IPSEC.

Are there any other solutions that can make this work?  Juniper?  Im even considering building a strongswan server for this.

All the best and thanks in advance


Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: VPN hardware recommendations for remote 1140e phones
« Reply #1 on: August 05, 2014, 07:30:02 PM »
Hello Johnny,

We have been using 1750 head-end for years with 1140 VPN phones and Contivity 221 devices.  I have to say it works brilliantly.  We are also looking at "what next" for this as the 1750 is now at end of manufacturer support.  A possibility is the SR2230 but I am keeping my options open at the moment and exploring.

We also have a substantial VPN remote access system using Cisco ASA and IPsec/Anyconnect SSL.  I have been looking at getting the phones to work through this, but have had no success.  You mention seeing "some documentation about getting a cisco asa 5515 to work as a VPN target for the 1140s".  Are you able to point me to this information?

Cheers
Ian

Offline johnnyorange

  • Rookie
  • **
  • Posts: 5
Re: VPN hardware recommendations for remote 1140e phones
« Reply #2 on: August 05, 2014, 07:51:26 PM »
ive attached a PDF of a file I found on avaya devconnect about getting ciscos to work with vpn entitled:

Configuring Cisco Adaptive Security Appliance (ASA) using Cisco Adaptive Security Device Manager (ASDM) VPN Wizard to Support Avaya VPNremote Phones Issue 1.1

its not directly applicable to 1140e's but I think potentially could be a starting point when used in concert with the avaya vpn wizard jar tool.

I appreciate your insight into this

my sense is that I may just send users home with a hardware vpn endpoint that just automatically creates the ipsec tunnel and the phone connects to the cs1000 as if its on the local LAN.  for the small number of users we have I think this is probably the best option.

I would pull the trigger on an 1750 from ebay but Im concerned as to my ability to get the thing up and running as im not confident I can find software for it etc.

Also fwiw one of my resellers told me that avaya may be getting out of the hardware VPN business and eol'ing the 2230s in favor of vmware solutions.

thanks for getting back -
JO

Offline imorris

  • Rookie
  • **
  • Posts: 18
Re: VPN hardware recommendations for remote 1140e phones
« Reply #3 on: August 05, 2014, 08:15:13 PM »
Thanks Johnny

I do remember seeing that document but I think I just glossed over it (Avaya phone rather than a Nortel phone).  I will take a closer look though. 

We originally used the Contivity 221 devices as hardware VPN endpoints with the 1750 as the head-end to provide desk phones at home.  Contivity221 configured in "client" mode as opposed to site-to-site (Branch).  Later on, when the 11xx phones got VPN capability we used that rather than sourcing more 221 devices.  Mind you it took a bit of time to get it working correctly, but we have a couple of people way smarter than me that support our phone system and they made it happen.  I still have my 221 at home and it still works perfectly. 

Thanks for that document and good luck with your search.

Cheers
Ian

Offline johnnyorange

  • Rookie
  • **
  • Posts: 5
Re: VPN hardware recommendations for remote 1140e phones
« Reply #4 on: August 22, 2014, 02:16:09 PM »
to follow up and bring an end to this story, I ended up not using the internal VPN client on the 1140e phones as the hassle was too great.

instead, I purchased a low end sonicwall router (200 bucks) for the remote user (one at this point) to be the remote vpn endpoint to take home which creates a vpn tunnel back into our hq sonicwall. 

after setting up the routing tables etc for the vpn on the hq sonicwall and having the ability for the remote network to connect to the hq TLAN and ELAN subnets, i set on the remote sonicwall for the internal dhcp server on the remote sonicwall to send an option 244 dhcp string with our http provisioning server address.

I then created a ##macaddress##.cfg file for the remote 1140e phone along with a reg line for the TN on our provisioning server.

phone booted from factory reset, self configured and works great.

now i just need to figure out how to provision button labels so extensions dont just show up as numbers...

thanks for all

Offline allamerican

  • Rookie
  • **
  • Posts: 1
Re: VPN hardware recommendations for remote 1140e phones
« Reply #5 on: September 09, 2014, 07:45:38 AM »
Use express vpn as it provides 50+ high speed servers,unlimited server switches.

Offline johnnyorange

  • Rookie
  • **
  • Posts: 5
Re: VPN hardware recommendations for remote 1140e phones
« Reply #6 on: September 09, 2014, 07:57:48 AM »
its hard for me to see how expressvpn would be applicable here, as it is a vpn service and does NOTHING to get back to my home network from a remote site.

care to elaborate?

Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: VPN hardware recommendations for remote 1140e phones
« Reply #7 on: September 09, 2014, 02:35:45 PM »
We use Aruba RAP-2's and RAP-5's with an Ethernet port assigned to VOIP, and use an injector for power.
Works well as a work-from-home kit if you really need a physical phone.

TankII