Customer it department provided point to point vpn using sonicwall tz105 and 1608i phones 3

[mode1]

Working with customer it department and about to pull my hair out. What I have told them is I needed a vpn created with ports 1718-1720 and 5005 open. I have an IP office v1 with 7(36) software and a memory card inserted with the 1600 bin files loaded onto it. I set my control unit as dhcp server sending IP to my 1608 located at remote site. I set the file server to the ip address of the phone system and file type to memory card. I tried both statically assigning and also setting phones to all 0.0.0.0 for discovery back to phone system. With phones set to all 0's just looks for dhcp. If i static assign tells me no file server. I had it confirm ports said were forwared to phone system ip. I can connect from remote site with manager to phone system and also can ping phone system from remote site. Phones will not come up. Any help? Thanks!

 

[mode1]

Also I forgot to mention that I have an ip route at ip office set to ip address 0.0.0.0 mask 0.0.0.0 and gateway to gateway at ip office lan

 

[mode1]

Transformations are also turned off on sonicwall

 

[amriddle01]

You need to give the phones at the remote site static values of at least the call server and file server, the rest can come from DHCP...IF there is an active DHCP correctly configured on that remote site, DHCP requests and responses will not pass through VPN tunnels as they are separate networks

 

[nnaarrnn]

amriddle01 is correct.

star for you.

 

[mode1]

Thanks amriddle01. I question their it department ability as i explained exactly what i was trying to accomplish and they asked me what i needed. I gave them technical tip 190 as that was all i could find for sonicwall and vpv. Should this setup be rocket science or am i dealing with questionable it support because they seem clueless to my requests. I have ip phones and vpn setup through other customer and they have no trouble setting up for me. Anything else i could relay to it. Thanks

 

[mode1]

They turned off dhcp at remote site and statically assigned computers

 

[amriddle01]

They turned off dhcp at remote site and statically assigned computers

You/they need to statically assign everything on the handsets then.....

 

[derfloh]

You need far more ports open.

80 to get firmware/settings from IPO
Something bigger then 50000 for manager/ssa/SysMon (look into help)
RTP port range as configured at your IPOD LAN interface.

 

[amriddle01]

VPNs should be open, they're a secure connection between secure sites if the network is setup correctly already, no ports should be blocked as that's basically closing the stable door after the horse has bolted

 

[derfloh]

That's my opinion, too. But who knows what the customer wants...

Does anyone know if the new HTTPS tunnels SCN trunks help to avoid problems with Sonicwalls? I would say yes for signaling and yes if no direct media is active but no for RTP stream with direct media. Perhaps does Voice Encryption also help to stop Sonicwalls to play with the packets...

 

[amriddle01]

The HTTPS tunnels require port forwarding to function, but they don't need VPN. I had a long chat with Norway during the trials over one, it worked perfectly though

 

[Gunnaro]

Indeed we did, some 45-50 minutes on a cheap netgear box.
Audio was in-house quality, at least on my side.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[amriddle01]

Yes my end too, bear in mind my end was actually twinned back out through a SIP trunk to my mobile.

 

[Gunnaro]

Yeah I remember, DS 9508 - VCM - Firewall - Open internet - Firewall - VCM - Firewall - SIP Trunk - GSM - Mobile

I may have been complaining a bit lately, but Avaya did really good on the new SCN. Solid gold!

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam