INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

96xx VPN

96xx VPN

(OP)
Hi guys,

I've searched but haven't found decent info on it, and seems to be a common problem.


I have a user with a VPN phone dropping connection on:
A) extended long idle
B) nightly, URQ error.


I'm assuming it's timeouts, where exactly can I change the timeouts.

Additionally, can I change the lifetime for the VPN on the phone side? right now it's at 28800 which I think is just default for pretty much every single VPN tunnel.

Thank you!

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: 96xx VPN

nothing to do with the phone.
My phone at home has been idle for 5 days.
Change the settings on your VPN router.

RE: 96xx VPN

(OP)
I've checked the settings, they are the same as all the other VPN firewalls I've set up. NO h323 transformation, no SIP ALG. everything checks out.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: 96xx VPN

What version of firmware on the phone? Is it anywhere close to the latest available?

RE: 96xx VPN

(OP)
Hello Gweb,

It's a 9.0.1, and the FW I believe is running 3.1, they are 96xx.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: 96xx VPN

3.2.7 is the latest for those models.

RE: 96xx VPN

Upgrade your phone system

RE: 96xx VPN

(OP)
So no solution, just upgrade the phone system?

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: 96xx VPN

Most likely the VPN settings doesn't match on both sides which causes your VPN to be rebuilt during IKE rekey.
VPNs against Cisco ASAs are most sensitive to this but you'll need to check the VPN logs on your firewall when this happens.

"Trying is the first step to failure..." - Homer

RE: 96xx VPN

You are running old software on the IPO and old firmware on the phones. It is possible that an upgrade of both will resolve your issue.

RE: 96xx VPN

Of just go fix it, it's your job I imagine, it's certainly not ours.
Why try to berate us for not spoon feeding you a solution?
Work it out and then tell us what went wrong, thats how the site works smile

RE: 96xx VPN

(OP)
I'm not berating anyone - it would be obvious if I was, but i've read a lot of threads where the solution is simply just "Upgrade the system", which leads me to believe that avaya just doesn't work right period.


VPN settings match perfectly, otherwise they wont connect - The rekeys are set to default, which are 23300 I think, i'd have to recheck the config but pretty sure it is, which is what the network admin is proving to me by providing configs for the SonicWall. I dont have this issue with the VPN phones i've set up before, those of which i've had access too config. Unfortunately this third party IT company will not allow me access and everything takes 2-3 days unless it's absolutely critical tickets... pretty annoying.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: 96xx VPN

Early versions of IPO for major releases tend to not work very well. You are running the first service pack for 9.0 when there are now 12 service packs. Yes quite often the solution is to upgrade your system. You are 11 service packs worth of fixes behind the curve.

That is like running Windows 7 with no service packs and having issues but refusing to upgrade your computer.

RE: 96xx VPN

If you're running 9.0.1 then a upgrade is in place even though it doesn't solve the issue.
And VPN settings doesn't have to match on every setting for the VPN to work, it will just fail during rekey, that's why I said to look in the VPN logs.

Don't understand why people think that phone systems should run on the firmware they came on, you upgrade computer software all the time and I'm guessing your mobile isn't on the delivered firmware.
x.0 of anything is seldom any good, doesn't matter if it's a PBX, computer, gaming console, mobile phone, computer software, car software, network software... hell any software.

"Trying is the first step to failure..." - Homer

RE: 96xx VPN

(OP)
"Don't understand why people think that phone systems should run on the firmware they came on, you upgrade computer software all the time and I'm guessing your mobile isn't on the delivered firmware.
x.0 of anything is seldom any good, doesn't matter if it's a PBX, computer, gaming console, mobile phone, computer software, car software, network software... hell any software"


Doesn't help when avaya's patch notes are pretty poor. I don't disagree, but I also can't force people to upgrade, however, I'll triple check with the IT Comp and have them reverify all the VPN's again. I'll push the upgrade.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

RE: 96xx VPN

I have phones ranging from 5610s and 9620s to 9608s connected as VPNs to Sonicwalls. A large number of them will be on versions of software that do not tally with the phone system they are connecting to - for example I took a 9620 VPN phone that was configured back when our in house system was on release 6 and reused it recently on our now release 10 system and it worked without any issues at all.

I do know I have never done anything special on a sonicwall for a VPN phone to work and in fact was able to create a 2 page word doc for customers explaining the 5 or 6 steps required to configure it on the sonicwall.

| ACSS SME |

RE: 96xx VPN

(OP)
Thanks for your input Pep, the way I see if, should the tunnel be implemented right, then there should be no problems. it's not rocket science to create GroupVPNs, in a sonicwall, nonetheless. This IT comp hasn't replied since I asked for VPN logs, I wish they could just give me the network reigns for this one.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close