Information is subject to change without notice. Nortel Networks reserves the right to make changes in design or components as progress in engineering and manufacturing may warrant. Nortel, Nortel (Logo), the Globemark, This is the Way, This is Nortel (Design mark), SL-1, Meridian 1, and Succession are trademarks of Nortel Networks.
Revision history November 2005 Standard 1.00. This document is a new NTP issued to support Communication Server 1000 Release 4.5. WLAN Handset 2212 Installation and Configuration for VPN Page 3 of 62...
Page 4 of 62 553-3001-229 Standard 1.00 November 2005...
Setting IPsec global variables
Procedure 8 Defining a WLAN Handset 2212 group
Procedure 9 Setting IPsec variables for a WLAN Handset 2212 group
Procedure 13 Configuring the WLAN Handset 2212 using the cradle...
Getting Help over the phone from a Nortel Solutions Center

If you don’t find the information you require on the Nortel Technical Support Web site, and have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.
To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to: www.nortel.com/erc...
About this document

This document is a global document. Contact your system supplier or your Nortel representative to verify that the hardware and software described are supported in your area.

Subject

This document describes the installation and configuration of a WLAN Handset 2212 on a Virtual Private Network.
• Communication Server 1000M Multi Group (CS 1000M MG)
• Communication Server 1000E (CS 1000E)
• Meridian 1 PBX 11C Chassis
• Meridian 1 PBX 11C Cabinet
• Meridian 1 PBX 51C
• Meridian 1 PBX 61C
• Meridian 1 PBX 81
•...
• Communication Server 1000E: Upgrade Procedures (553-3041-258)

Intended audience

This document is intended for individuals responsible for installing, configuring, operating, and maintaining the WLAN Handset 2212.

Conventions

Terminology

In this document, the following systems are referred to generically as “system”:
•...
This section lists information sources that relate to this document.

Online

To access Nortel documentation online, click the Technical Documentation link under Support & Training on the Nortel home page: www.nortel.com

CD-ROM

To obtain Nortel documentation on CD-ROM, contact your Nortel customer representative.
The configuration in this document

Introduction

The WLAN Handset 2212 is a mobile handset for workplace IP telephone systems. The handset operates over an 802.11b wireless Ethernet LAN providing users a wireless Voice Over IP (VoIP) extension.
The latest software version is required to support the features described in this document.

Code and key code requirements

Before configuring the WLAN Handset 2212, you must ensure the various components are using the proper versions of software. Table 2 lists the components and software versions:...
The configuration in this document

This document describes the configuration of the supported architecture shown in Figure 1.

Figure 1 Thin AP – L2 Away from VPN Router
IMPORTANT! The figures in this document are examples of the types and format of the information required for a specific step. Substitute information for your site accordingly.
Installing the Licence Keys

Introduction

This section describes how to install and configure the WLAN Handset 2212 for Virtual Private Network (VPN).
Click on the + beside Ports. The Ports list expands.
Right click Communications Ports (COM 1) and select Properties. The Communications Ports (COM 1) Properties window appears.
Select the Port Settings tab.
Ensure the settings are configured as shown in Figure 2.

Figure 2 COM1 settings

Connect to the wireless gateway through the console cable.
Figure 3 Main Menu

12 Enter 1. The Interface Menu window appears, as shown in Figure 4 on page 22.
Figure 4 Interface menu

13 Enter 0. The Private - Trusted Interface window appears, as shown in Figure 5.

Figure 5 Private - Trusted Interface

14 Enter the following: Management IP Address...
19 Enter a cost in the Please enter the cost field. The default value is 1.
20 Enter R to return to the Main Menu.
21 Enter E to exit and save the configuration.
22 Check the connectivity. If you are able to ping the gateway, the VPN router is configured properly.
23 Open Microsoft Internet Explorer.
24 Enter the Management IP address of the VPN router in the Address bar.
25 Click Manage Switch. The IP Services Gateway home page appears, as shown in Figure 7 on page 25.
Figure 7 IP Services Gateway home page

26 Enter your login and password. You can now carry out any required administrative duties.

End of Procedure
Installing the Licence Keys

Use Procedure 2 to install licence keys. The Contivity Stateful Firewall key must be installed for the solution to work.

Procedure 2 Installing licence keys

In the Contivity Secure IP Services Gateway navigator, select ADMIN > Licence Keys.
Click OK.

End of Procedure
Disabling the DHCP server

In the Contivity Secure IP Services Gateway navigator, select SERVERS > DHCP. The DHCP Servers window appears, as shown in Figure 9 on page 30.
Figure 9 DHCP Server options

Clear the DHCP Enabled Server check box.
Click OK.

Checking connectivity

Test the connectivity for possible routing errors. Open the Console port and ping the DHCP Server, WLAN Application Gateway 2246 and the PBX.

End of Procedure
DHCP Relay options

Select Enabled.
Note: Ensure that you add appropriate routes in your network so that the DHCP response from the DHCP server reaches the VPN router.
Click OK.

End of Procedure
Configuring an IP address pool

In the Contivity Secure IP Services Gateway window, select SERVERS > User IPaddr. The User IPaddr window appears, as shown in Figure 11 on page 34.
Figure 11 Add an IP address pool

Click Add. The Address Pool Information window appears, as shown in Figure 12.

Figure 12 Address pool details

Enter a Starting IP Address.
Enter an Ending IP Address.
Procedure 6 Enabling proxy ARP and tunnel-to-tunnel traffic

In the Contivity Secure IP Services Gateway navigator, select SYSTEM > Forwarding. The Forwarding window appears, as shown in Figure 14 on page 36.
Figure 14 Forwarding options

In the Proxy ARP section, select the route type you want to enable.
Select Allow End User to End User.
Click OK.

End of Procedure
Encryption and Diffie-Hellman Group sections.
Click OK.

WLAN Handset 2212 group definition

Use Procedure 8 to create a WLAN Handset 2212 group.

Procedure 8 Defining a WLAN Handset 2212 group

In the Contivity Secure IP Services Gateway navigator, select PROFILES >...
Click Apply.
Click OK.

WLAN Handset 2212 group IPsec variables

Use Procedure 9 to set IPsec variables for a WLAN Handset 2212 group.

Procedure 9 Setting IPsec variables for a WLAN Handset 2212 group

In the Contivity Secure IP Services Gateway navigator, select PROFILES >...
Click Edit next to the group for which you want to set the variables. The IPsec Variables window appears. The Connectivity section is shown in Figure 19 on page 42; the IPsec section is shown in Figure 20 on page 43.
Figure 19 IPsec variables - Connectivity section

Configure the Connectivity variables.
Click Configure in the Connectivity section.
If you intend to use the same unit, set Number of Logins to 1.
Enter an ID for the Address Pool Name.
Figure 20 IPsec variables - IPsec section
Configure the IPsec variables.
Click Configure in the IPsec section.
Enable the following items (indicated by arrows in Figure 20 on page 43):
• User name and Password
• ESP - Triple DES with SHA1 Integrity
• ESP - Triple DES with MD5 Integrity
•...
Adding a user account

In the Contivity Secure IP Services Gateway navigator, select PROFILES > Users. The Users window appears, as shown in Figure 21 on page 46.
Figure 21 Adding users

Click Add User, as indicated by the arrow. The Users Details window appears, as shown in Figure 22 on page 47.
In the General section, enter a First and Last name.
Select the Group to which the user will belong.
In the User Accounts section, enter a User ID and Password.
Re-enter the password.
Click OK.

End of Procedure
Second interface configuration

Use Procedure 11 to configure the second interface.

Procedure 11 Configuring the second interface

In the Contivity Secure IP Services Gateway navigator, select SYSTEM > Users. The Second Interface window appears, as shown in Figure 23.

Figure 23 Configuring second interface

Click Configure (as indicated by the arrow).
Note: The need to reboot may depend on the router model as there may be a spare private interface on the model.

Once the computer has rebooted, reload the second interface window.
Figure 25 Cancel acquisition

Click Cancel acquisition. The Second Interface page reloads as shown in Figure 26 on page 51.
Figure 26 Select protocol

Select IP in the Select Protocol list.
Click Apply.

End of Procedure
Firewall configuration

Use Procedure 12 to configure the firewall.

Procedure 12 Configuring the firewall

In the Contivity Secure IP Services Gateway navigator, select SERVICES > Firewall/NAT. The Firewall Options window appears, as shown in Figure 27.

Figure 27 Firewall options

Select Contivity Firewall.
Select Contivity Stateful Firewall.
The Firewall Policies window appears, as shown in Figure 28.

Figure 28 Firewall policies

10 Click New. The New Policy window appears, as shown in Figure 29 on page 54.
Figure 29 New policy

11 Enter a name for the new firewall policy.
12 Click OK. The new policy is created and the Firewall Policy-Edit window appears, as shown in “Edit firewall policy” on

Figure 30 Edit firewall policy

13 Select the Override Rules tab.
19 Click Yes to save the changes, and return to the Firewall Options page.
20 Select the policy you created starting at step 11 from the Policy list in the Firewall/NAT Policy section.
21 Click OK.

End of Procedure
Configuring the handset

Introduction

This section describes how to configure the WLAN Handset 2212.

Configuring the handset

There are two ways to configure the WLAN Handset 2212:
•...
Procedure 13 Configuring the WLAN Handset 2212 using the cradle

Before you begin, do the following:
Decompress the configuration cradle file (version 2.11.02) to a folder on the hard drive.
Double-click on PhoneConfig.exe in the folder. The Config Cradle window appears, as shown in Figure 33.

The settings for the telephone are grouped into three main categories: System, Group, and User.
Figure 34 Config Cradle with VPN Settings

Click Save.

Handset screen method

Use Procedure 14 to configure the WLAN Handset 2212 using the screen method.

Procedure 14 Configuring the WLAN Handset 2212 using the screen

Turn on the handset.
To access the Configuration menu, press the green key and red key simultaneously, then release the green key first.
Figure 35 Configuration menu

Set the Licence Option.
Set the Terminal Type.
Set the DHCP IP address.
Set the VPN Server IP address.
Set Mode.

Select Phone Config > License Option.
Enter 010 using the keypad on the handset.
Select Save....
Click Save.
12 Set Phase 1 Options.
Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP > Options.
Select Init Contact.
Click OK.
Select Nortel features.
Click OK.
Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 2 - ESP.
Select Auth. Hash > SHA1.