IP Office Technical Tip (Region: Global)

196: Configuring a VPN Remote IP Phone with a Netgear FVX538 VPN Router

8th January 2008 - Full PDF Text Version

The following document assumes that the user/installer is familiar with configuring both the IP Office and VPN devices, as well as manually configuring IP hard phones. This document is for reference purposes only when creating the VPN tunnels and does not provide any details on how to configure any other aspect of either device.

Test Systems Software Versions and Basic Phone Settings

Notes

1. The IP Phones may require a Virtual IP Address to be configured in the VPN settings. Please take care in choosing a Virtual IP Range. Consider where the phone is most likely to be used and ensure that the Virtual IP Range selected will not conflict. For instance, many VPN IP Phones may be installed at user’s homes. Typically a Home Router uses 192.168.0.x or 192.168.1.x as its internal network range therefore it is recommended that this is not used as a Virtual IP Address Range.

2. IMPORTANT: Many VPN Routers will not allow a direct media path to be established between two VPN Endpoints. It will be necessary to uncheck the Direct Media Path checkbox in the Extension Configuration in IP Office if the router does not support direct media paths between two VPN endpoints. Failure to do so will result in No Speech path when two VPN extensions try and establish a call.

3. Review the Sample 46vpnsetting.txt file for simplifying configuration settings on the IP Phones.

4. While the defaults for Encryption are set at 4500-4500 and these settings are preferred, there may be instances where (depending on what the Home router supports) the user may need to either disable this setting, or change to one of the other options.

5. If manually configuring a Virtual IP Address on the IP Hard-phone, ensure that accurate records are kept of IP Address allocations to avoid IP Address conflicts.

IP Office Configuration

Using IP Office Manager, Open the Configuration and Select IP Routes.

Add a New IP Route for the Virtual LAN Network to be used in the environment.

Modify the Extensions - VoIP Tab for those extensions that will be VPN Extensions, and uncheck the Direct Media Path Check Box. (As Required)

Netgear FVX538 VPN Router VPN Configuration settings

There are two methods that can be used to establish VPN connectivity between the VPN Remote Phone and the Netgear FVX538 VPN Router.

Networking Scenario:

Mode Config and X-Auth

The advantage to using this method is that it is possible to configure the Netgear FVX538 to dynamically issue IP Addresses to the IP Phone. You do however need to create a user name to be used for authentication. This makes it easier to disable access to a specific device if the need should ever arise.

Please note that when using this option, you should select the Juniper PSK with X-Auth option on the VPN Remote Phone Profile.

Netgear FVX538 Mode Config and X-Auth

Once logged into the FVX538, Select the VPN Option.

Then select Mode Config and Create a New Mode Config Record.

Once Completed select the VPN Client option, and create a new user.

• TIP: Using the Serial Number of the IP Phone as the Username. Configure the 46vpnsetting.txt file and consider using the [SET NVVPNUSER %SERIALNUM%] option. Assign a common password to all Users and use the [SET NVVPNPSWD] option.

• Note: Some phones’ Serial Numbers may contain letters, while others will be all numbers. Letters must be entered in Capitals, not lower case or the Router will not accept the username and authentication will fail

Now Select the Policies Menu and Create a New IKE Policy. Note that as you are using a Mode Config, a VPN policy will not be used as these have already been configured in the Mode Config settings screen.

VPN Remote Phone Settings

Please ensure that when selecting the VPN Profile to be used, select the option for Juniper with X-Auth