Table of Contents
Advertisement
Redundant VPN Concentrators
2.2
Redundant VPN Concentrators
You can deploy VPN concentrators for the purposes of redundancy and load balancing.
You can configure a remote IP phone to be aware of up to three VPN concentrators by
setting the #VPNGateway parameter to the IP address of each VPN concentrator in the IP
Phone' s MAC Address-specific configuration file. Refer to Chapter 3 for more details on
making remote IP phones aware of multiple VPN concentrators.
2.3
SSL VPN Authentication Mechanisms
The following authentication modes are supported on the VPN Concentrator:
•
User name and password validation – The SSL VPN client on the remote phone is
expected to provide the username and password so that they can be matched
against the following databases:
— Local database (default) – A list of valid usernames and their associated
passwords configured for the authentication in the local database by the
administrators.
— LDAP server database (optional) – This option requires an external LDAP
server, such as Microsoft Active Directory, containing the username and
password information for authentication. LDAP needs to be enabled in the
VPN Concentrator before this database can be used instead of the local
database.
•
MAC Address Blacklist Rejection (optional) – When enabled, a local database of
MAC addresses is used to identify the remote phones that should be denied access
to the network. The database can be populated by the administrators using the
GUI. If the MAC address of a remote phone is found in this database, then the SSL
VPN connection request is rejected.
•
MAC Address White list Validation (optional) – When enabled, a local database of
MAC addresses is used to validate the MAC address of a remote phone. The
database can be populated by the administrators using the GUI. If the MAC address
of a remote phone is not found in this database, then the SSL VPN connection
request is rejected.
2.4
Other Features
Understanding of the following features will be helpful in configuring the device:
•
IP Address Assignment – A valid pool of IP address from the corporate LAN's
internal (private) IP subnet will be used by the VPN Concentrator to assign IP
addresses to the VPN phones via the virtual PPP connections over the SSL VPN. An
IP address pool must be preconfigured on the VPN Concentrator by the
administrator so that a valid IP address can be assigned to each VoIP phone
connected to the VPN Concentrator.
20
Note:
Separately apply each license to enable VPN tunnels. Licenses cannot be
reused.
Chapter 2
Hide quick links:
Advertisement
Table of Contents
