Nortel Contivity 110 Application Notes
  1. Manuals
  2. Brands
  3. Nortel Manuals
  4. Network Router
  5. Contivity 110
  6. Application notes

Nortel Contivity 110 Application Notes

Configuring vpn router to support avaya 96xx series ip phones.
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Avaya CAD-SV
Configuring Nortel Contivity 1100 VPN Router to Support Avaya 96xx series IP
Phones.
These Application Notes describe the steps to configure the Nortel Contivity 1100 VPN
Router to Support Avaya 96xx series IP Phones.
_____________________________________________________________________________________
www.support.avaya.com,
Avaya Inc. – Proprietary. Use pursuant to Company Instructions.
_____________________________________________________________________________________
Issue 1.0
10th October 2009
ABSTRACT
Page: 1
11/4/2009

Advertisement

Table of Contents
loading

Related Manuals for Nortel Contivity 110

Summary of Contents for Nortel Contivity 110

  • Page 1 Configuring Nortel Contivity 1100 VPN Router to Support Avaya 96xx series IP Phones. Issue 1.0 10th October 2009 ABSTRACT These Application Notes describe the steps to configure the Nortel Contivity 1100 VPN Router to Support Avaya 96xx series IP Phones. _____________________________________________________________________________________ Page: 1 11/4/2009 www.support.avaya.com,...

  • Page 2: Table Of Contents

    ABLE OF CONTENTS _____________________________________________________________________________________ Introduction.........................3 NETWORK TOPOLOGY.....................4 EQUIPMENT AND SOFTWARE VALIDATED ............6 NORTEL VPN ROUTER 1100 CONFIGURATION .............7 AVAYA 96XX SERIES IP PHONE CONFIGURATION ..........15 96xx series IP Phone Firmware ................15 Configuring Avaya 96xx series IP Phone ..............15 “46xxsettings.txt” File ....................17 VERIFICATION.

  • Page 3: Introduction

    _____________________________________________________________________________________ These Application Notes describe the steps to configure the Nortel Contivity 1100 VPN Router to support IPSec Tunnel termination using Local Credential authentication for Avaya 96xx series IP Phone. Avaya 96xx series IP Phone has software based IPSec Virtual Private Network (VPN) client integrated into the firmware of an Avaya 96XX Series IP Telephone.

  • Page 4: Network Topology

    The below Figure 1 describes the general test setup diagram to configure the 96xx series IP phone with the Nortel vpn gateway. Figure 1: High level test diagram for Implementation of 96xx series avaya IP phones with Nortel contivity 1100.
  • Page 5 The Avaya 96xx series VPN Enabled IP Phones are located in the public network and configured to establish an IPSec tunnel to the Public IP address of the Nortel VPN Router. The Nortel VPN Router will assign IP addresses to the 96xx series IP Phones. The assigned IP addresses, also known as the inner addresses, will be used by the 96xx series IP Phones when communicating inside the IPSec tunnel and in the private corporate network to Avaya Communication Manager.

  • Page 6: Equipment And Software Validated

    Table 1 lists the equipment and software/firmware versions used in the sample configuration provided. Equipment Software Version Avaya G700 Media Gateway with S8300. Avaya Communication Manager 3.1 Build 4.0 and above. Avaya 96xx Telephone Release 3.1 Nortel Contivity 1100 Software Version V06_00.310+ Table 1 – Equipment Version Information HAPTER _________________________________________________________________________ _____________________________________________________________________________________ Page: 6 11/4/2009 www.support.avaya.com,...

  • Page 7: Nortel Vpn Router 1100 Configuration

    ORTEL VPN ROUTER 1100 CONFIGURATION _________________________________________________________________________ These Application Notes assume the Nortel VPN Router has been configured with basic IP connectivity and is connected into the network. The Nortel VPN Router 1100 depicted in Figure-2 has been configured with IP address 192.168.14.2 as its Management IP address.
  • Page 8 3. Select SERVICES AVAILABLE from the left panel menu. Make sure IPsec is enabled (default) for at least the public interface. 4. The screen capture below shows the Default Routes defined under ROUTING STATIC ROUTES in the sample network. One default route to gateway 192.168.14.1 on the Private side and the other default route to gateway 192.168.8.1 on the public side.
  • Page 9 5. /BASE group was defined for use in the sample network. _____________________________________________________________________________________ Page: 9 11/4/2009 www.support.avaya.com, Avaya Inc. – Proprietary. Use pursuant to Company Instructions. _____________________________________________________________________________________...
  • Page 10 6. The abbreviated screen capture below shows the IPsec configuration used for the above /BASE group. The Encryption is set to ESP – Triple DES with MD5 Integrity. The encryption will need to match Avaya 96xx _____________________________________________________________________________________ Page: 10 11/4/2009 www.support.avaya.com, Avaya Inc.
  • Page 11 series IP Phones setting in Section 5.2 7. Create new users by selecting PROFILES USERS from the left panel menu. The 96xx series IP phone will use this user ID to log in. Each 96xx series IP phone should have its own user ID. _____________________________________________________________________________________ Page: 11 11/4/2009...
  • Page 12 8. The following abbreviated screen capture shows the values used for a user, vpn1, who belongs to the /Base group. The User ID of vpn1 is composed of the 96xx series IP phone extension and the user name to facilitate tracking.
  • Page 13 9. Select SERVERS USER IP ADDR from the left panel menu to define a DHCP scope to be assigned to Avaya 96xx series IP Phones. The sample configuration defined an IP address pool for the “Contivity” pool with an IP address range from 192.168.14.220 to 192.168.14.228 to be assigned to Avaya 96xx series IP phones. _____________________________________________________________________________________ Page: 13 11/4/2009...
  • Page 14 _____________________________________________________________________________________ Page: 14 11/4/2009 www.support.avaya.com, Avaya Inc. – Proprietary. Use pursuant to Company Instructions. _____________________________________________________________________________________...

  • Page 15: Avaya 96Xx Series Ip Phone Configuration

    HAPTER _________________________________________________________________________ 4. A VAYA 96XX SERIES IP PHONE CONFIGURATION _________________________________________________________________________ 96xx series IP Phone Firmware The Avaya 96xx series (3.1) VPN-Enabled IP Phone firmware must be installed on the phone prior to the phone being deployed in the remote location. Refer to [1] and [2] for details on installing 96xx series IP Phone firmware.
  • Page 16 The configuration values of one of the 96xx series IP Phones used in the sample configurations are shown in Table 2 below. Option Value Enabled VPN Vendor Nortel 192.168.8.200 (FQDN or the IP Address (in Gateway Address dotted decimal format) of the VPN gateway ‘Untrust’ Interface) 192.168.40.143 (Phone IP address from the list External Phone IP Address of the local home network IP addresses).

  • Page 17: 46Xxsettings.txt" File

    The 46xxsetting.txt file contains variable values used by the 96xx phone during the setup of the IPSec VPN tunnel. The variables specific Nortel for Local credentials authentication are listed below. Descriptions of each variable and the values used in the sample configuration are shown.
  • Page 18 ## [For Cisco/Juniper/Checkpoint/Other] ## 3: PSK, 4: PSK with Xauth ## 5: RSA signatures with Xauth, 6: Hybrid Xauth ## 7: RSA signatures. ## [Nortel Authentication Type] ## 1: Local credentials, 2: Radius Credentials. ## 3: Radius SecureID, 4: Radius Axent.
  • Page 19 ########################################################################################## ## IKE Encryption Algo. ## 1: AES-128, 2: 3DES ## 3: DEs 4: AEs-192 ## 5: AES-256 0: Any ########################################################################################## SET NVIKEP1ENCALG 0 ########################################################################################## ## IKE Auth algo. ## 0: Any, 1: MD5 ## 2: SHA-1 ########################################################################################## SET NVIKEP1AUTHALG 0 ########################################################################################## ## IKE Config Mode.
  • Page 20 SET VPNPROC 2 ########################################################################################## ## Call Server address ########################################################################################## ##SET MCIPADD 192.168.1.162 ########################################################################################## ## Craft code ########################################################################################## SET PROCPSWD 27238 ########################################################################################## ## VPN craft access code ########################################################################################## ##SET NVVPNCODE 876 ########################################################################################## ## SNMP String ########################################################################################## ##SET SNMPSTRING public ########################################################################################## _____________________________________________________________________________________ Page: 20 11/4/2009 www.support.avaya.com,...

  • Page 21: Verification

    ERIFICATION. _________________________________________________________________________ The active VPN sessions to the Nortel VPN Router can be viewed by selecting Status Sessions from the left panel menu of the web management interface. Active IPSec tunnels are shown in the Current End User Sessions of the display. The abbreviated screen capture below shows the Current End User Session of three 96xx series IP Phones with active tunnels to the Nortel VPN Router.

  • Page 22: Trouble Shooting

    This section offers some common configuration mismatches between the 96xx series IP Phone and the Nortel VPN Router to assist in troubleshooting. The key events of the logs are highlighted in bold. The Nortel VPN Router log messages were generated using the “Original” Display Mode. Nortel VPN Router log messages can be access through STATUS EVENT LOG from the main web management interface.

  • Page 23: Phone Displaying "Connecting

    This issue can be resolved by the administrators who have access to the Avaya Communication manager and Nortel VPN Gateway. Open the web interface of the Nortel VPN gateway. Check the entered routes are correct. Check that the phone requests are able to reach the ACM and also phone gets response from the ACM (Trace using any sniffing software e.g.

  • Page 24: Conclusion

    ONCLUSION _________________________________________________________________________ The Avaya 96xx series IP Phone combined with Nortel VPN Router 1100 security appliance provides a secure solution for remote worker telephony over any broadband Internet connection. The Avaya 96xx series IP Phone Local Credentials implementation for Nortel VPN Router security appliances demonstrated successful interoperability with the Nortel VPN Router.

Table of Contents