IP Office Technical Tip (Region: Global)

185: Configuring a VPN IP Phone with a Kentrox Q2300 VPN Router

13th July 2007 - Full PDF Text Version

The following document assumes that the user/installer is familiar with configuring both the IP Office and VPN devices as well as setting manually configuring IP hard phones. This document is for reference purposes only when creating the VPN tunnels and does not provide details on how to configure any other aspect of either device.

Test Systems Software Versions and Basic Phone Settings

Notes

1. The IP Phones may require a Virtual IP Address to be configured in the VPN settings. Please take care in choosing a Virtual IP Range. Consider where the phone is most likely to be used and ensure that the Virtual IP Range selected will not conflict. For instance, many VPN IP Phones may be installed at user’s homes. Typically a Home Router uses 192.168.0.x or 192.168.1.x as its internal network range therefore it is recommended that this is not used as a Virtual IP Address Range.

2. IMPORTANT: Many VPN Routers will not allow a direct media path to be established between two VPN Endpoints. It will be necessary to uncheck the Direct Media Path checkbox in the Extension Configuration in IP Office. Failure to do so will result in No Speech path when two VPN extensions try and establish a call.

3. Review the Sample 46vpnsetting.txt file for simplifying configuration settings on the IP Phones.

4. While the defaults for Encryption are set at 4500-4500 and these settings do work in most configurations, there may be instances where (depending on what the VPN Router and Home router supports) the user may need to either disable this setting, or change to one of the other options.

5. If manually configuring a Virtual IP Address on the IP Hard-phone, ensure that accurate records are kept of IP Address allocations to avoid IP Address conflicts.

IP Office Configuration

Using IP Office Manager, Open the Configuration and Select IP Routes.

Add a New IP Route for the Virtual LAN Network to be used in the environment.

Modify the Extensions - VoIP Tab for those extensions that will be VPN Extensions, and uncheck the Direct Media Path Check Box.

Networking Scenario:

Kentrox Q2300 VPN Router VPN Configuration settings

There are two methods that can be used to connect a VPN Remote Phone providing the customer with different options for installation and management of the remote phone users.

Option 1 - Using Dynamic VPN
This is the simplest and quickest method of implementation allowing multiple clients to connect.

For configuration settings, refer to page 4.

Option 2 - Using IKE and VPN Policy
This option provides more configuration options so far as defining the Client policy to be used, more control over the algorithms to be used etc, it also has more steps to setup and configure.

For configuration settings, refer to pages 5 - 6

Kentrox Q2300 Option 1: Using a Dynamic VPN Policy

Once logged into the FVS338, Select the VPN Option, then Select Global Settings.

Kentrox Option 1: VPN Remote Phone Settings

Kentrox Q2300 Option 2: Using a VPN Gateway Client and Tunnel Policy

Once logged into the FVS338, Select the VPN Option, then Select Global Settings

Once Configured, Select and Add a Client Gateway

** The Kentrox Router requires that all these values match. If these do not match, you will receive a No_Proposal_Chosen Error in the Kentrox Logs. The VPN Remote Phone does not have a configuration option for the Lifetime value. This value can usually be viewed in the Kentrox VPN Log.

Once the Client Gateway has been added Add a Tunnel to the Client Gateway Profile

Kentrox Option 2: VPN Remote Phone Settings