IPsec (VPN) connection using a non-Panasonic router is not guaranteed.
KX-NSN216 (16-channel IPsec Activation Key) is required to use this feature.
This PBX supports only IKE version 1.
This PBX supports only IPsec version 2.
IPsec NAT Traversal, Mode Config (IKE-CFG), and IPsec DHCP are not supported.
Since it is assumed the VPN will be used for remote access, this PBX supports XAUTH.
This PBX supports the following packet encapsulation protocols:
Authentication Header (AH)
Encapsulating Security Payload (ESP)
The maximum number of VPNs that can be established between sites on a One-look network and between
KX-NS1000 PBXs and Android/iOS devices is shown in the following table:
Android (4.0 or later) / iOS 6.0
IKE standard reference: RFC 2401–2409, 4109
For each established SA, the number of IPsec connections enabled by the activation key decrements by
1. When the number reaches 0, no more SAs can be established.
The necessary activation key for an IPsec connection must be enabled.
The following authentication methods are supported for connection with an Android™ (version 4.0 or later)
or iOS device:
IPsec XAUTH PSK
IPsec XAUTH RSA
You can confirm the current VPN connection status in Web Maintenance Console.
If a smartphone is connected to the PBX via a VPN using the built-in router, a global IP address must be
provided by the carrier. Smartphones cannot be used without a global IP address.
When you connect IP devices such as smartphones to the PBX via a VPN using the built-in router, the
connected device must be registered to the PBX that is providing the VPN connection.
The PBX assigns a fixed IP address (10.99.99.xxx) to IP devices, such as smartphones, for the VPN
connection. Please do not assign a 10.99.99.xxx IP address to other IP equipment connected to the PBX
and the underlying the network because there is a possibility that IP addresses will overlap.
The PBX may migrate to Backup Master mode or Isolated mode if the keep-alive timer between PBXs
expires while connected to the VPN. To avoid this issue, adjust the value for the keep alive timer through
PBX system programming. Refer to "9.4 PBX Configuration—[1-1] Configuration—Slot—System
does not enter Backup Master mode or Isolated mode, please change the system mode to Normal via
Web Maintenance Console.
When you change the system mode from Backup Master mode to Normal mode, the Master unit and
Backup Master unit must be connected via a VPN. You can confirm the VPN connection status via Web
Maintenance Console. Refer to "27.1.3 Router Configuration—Setup—[1-1-3] Router Information—VPN
Status" in the PC Programming Manual.
Maximum Number of VPN Connections
16 sites (VPN connections with 15 sites)
32 devices (VPN connections with 32 devices)
Method based on X Window authentication using a pre-shared
Method based on X Window authentication using an RSA
Multisite Keepalive Time-out time" in the PC Programming Manual. If the system