H323 Remote Phone 2

[TelecomsTim]

Having a bit of a nightmare setting up a 9608 handset to work remotely.

All docs have been followed, correct ports open on firewall etc. All is working except we have no dial-tone or speech path.

The docs mention having to "allow remote Extn" on the VOIP tba of the extension but this option seem to have been removed on V9. Is this option now located elsewhere or has it been removed altogether and now just uses the settings on the user themselves.

Note that we do already have "h323 gatekeeper enable" and "H323 Remote extn enabled" ticked on the LAN settings aswell as the STUN server setting.

Any ideas would be greatly appreciated!

 

[rejackson]

It sounds like it is setting up the IPSEC VPN and registering but no sound. Has to be a routing problem between the phones IP address (after it connects to the tunnel) and the media resources on you phone system. After a phone connects stat it and see what address it has. Then try to ping that address from the same network as your medres/medpro cards.

 

[TelecomsTim]

Thanks for the reply.

We are not using the VPN method but the remote phone option using port forwarding on firewall.

The below has been followed exactly and I read somewhere to try port 1800 instead of 1720 for TCP but still get the same issue

Remote H.323 Extensions
For IP Office Release 8.0+, the configuration of remote H.323 extensions is supported without needing those extensions to be running special VPN firmware. This option is intended for use in the following scenario:

• The customer LAN has a public IP address which is forwarded to the IP Office system. That address is used as the call server address by the H.323 remote extensions.
• The user has a H.323 phone behind a domestic router. It is assumed that the domestic router allows all outbound traffic from the home network to pass through and allows all symmetric traffic. That is, if the phone sends RTP/RTCP to a public IP address and port, it will be able to receive RTP/RTCP from that same IP address and port. Configurations otherwise are not covered by this documentation.
remote_H323_extension

• Supported Telephones
Currently, remote H.323 extension operation is only supported with 9600 Series phones already supported by the IP Office system.
• License Requirements
By default, only two (2) users can be configured for remote H.323 extension usage. Additional users can be configured if those additional users are licensed and configured with either Teleworker or Power User user profiles.
Customer Network Configuration
The corporate LAN hosting the IP Office system requires a public IP address that is routed to the LAN interface of the IP Office system configured for remote H.323 extension support.

STUN from the IP Office system to the Internet is used to determine the type of NAT being applied to traffic between the system and the Internet. Any routers and other firewall devices between the H.323 phone location and the IP Office system must allow the following traffic.

Protocol

Port

Description

ICMP

–

Incoming ICMP to the IP Office system's public IP address must be allowed.

UDP

1719

UDP port 1719 traffic to the IP Office system must be allowed. This is used for H225 RAS processes such as gatekeeper discovery, registration, keepalive, etc. If this port is not open the phone will not be able to register with the IP Office system.

TCP

1720

TCP port 1720 traffic must be allowed. This is used for H.225 (call signalling).

RTP

Various

The ports in the range specified by the system's RTP Port Number Range (Remote Extn) settings must be allowed.

RTCP

UDP

5005

If the system setting 'Enable RTCP Monitoring on Port 5005' has been enabled, traffic on this port must be allowed to include remote H.323 extensions in the monitoring.

User Network Configuration
It is assumed that the domestic router allows all outbound traffic from the home network to pass through and allows all symmetric traffic. That is, if the phone sends RTP/RTCP to a public IP address and port, it will be able to receive RTP/RTCP from that same IP address and port. Configurations otherwise are not covered by this documentation.

IP Office System Configuration
This is a summary of the necessary IP Office system configuration changes. This section assumes that you are already familiar with IP Office system and H.323 IP telephone installation.

1. Licensing
If more than 2 remote extension users are to be supported, the system must include available Teleworker and or Power User licenses for those users.
2. System Configuration
The following needs to be configured on the IP Office system LAN interface to which the public IP address is routed.
a. Select System | LAN1/LAN2 | VoIP. Check that the H.323 Gatekeeper Enable setting is selected.
b. Due to the additional user and extension settings needed for remote H.323 extension configuration, we assume that the extension and user entries for the remote H.323 extensions and users are added manually.
c. Select H.323 Remote Extn Enable.
d. Set the RTP Port Number Range (Remote Extn) to encompass the port range that should be used for remote H.323 extension RTP and RTCP traffic. The range setup must provide at least two ports per extension being supported.
3. Network Topology Configuration
STUN can be used to determine the type of NAT/firewall processes being applied to traffic between the IP Office system and the Internet.
a. Select the Network Topology tab. Set the STUN Server IP Address to a known STUN server. Click OK. The Run STUN button should now be enabled. Click it and wait while the STUN process is run. The results discovered by the process will be indicated by ! icons next to the fields.
b. If STUN reports the Firewall/NAT Type as one of the following, the network must be reconfigured if possible, as these types are not supported for remote H.323 extensions: Static Port Block, Symmetric NAT or Open Internet.
4. H.323 Extension Configuration
H.323 remote extensions use non-default settings and so cannot be setup directly using Auto-create.
a. Within Manager, add a new H.323 extension or edit an existing extension.
b. On the Extn tab, set the Base Extension number.
c. On the VoIP tab, select Allow Remote Extn.
d. The other settings are as standard for an Avaya H.323 telephone. Regardless of direct media configuration, direct media is not used for remote H.323 extensions.
5. User Configuration
The following settings are used to specify whether a user is allowed to use a remote H.323 extension.
a. On the User tab, set the User Profile to Teleworker or Power User.
b. Select Enable Remote Worker.


Phone Configuration
The phones do not require any special firmware. Therefore, they should first be installed as normal internal extensions, during which they will load the firmware provided by the IP Office system.

Once this process has been completed, the address settings of the phone should be cleared and the call server address set to the public address to be used by remote H.323 extensions.

It is assumed that at the remote location, the phone will obtain other address information by DHCP from the user's router. If that is not the case, the other address setting for the phone will need to be statically administered to match addresses suitable for the user's home network.

 

[OldAndKnackered]

I believe you have to go to the VoIP tab of the LAN you are using and make sure that H323 remote extn enable is ticked before you can see it on the Extn Tab

 

[HeathBCT]

User for that phone has to be a power user or teleworker. Then check enable remote worker on the user tab.

ACSS - SME

 

[amriddle01]

No they don't, it just doesn't work sometimes, depending on routers involved etc

 

[tlpeter]

You need to disable "direct mediapath" on the extension otherwise you won't have speech.


BAZINGA!

I'm not insane, my mother had me tested!

 

[TelecomsTim]

The option on the extension itself has definitely gone despite LAN and user settings being set correctly.

Avaya don't seem to have updated the help docs though on the knowledgebase which worries me.

Problem continues so any further help would be great!

 

[shardian]

Enable remote worker" option is located on the actual user's setting page now. It used to be on the extension setting page. It was moved in R9.

 

[IPGuru]

Which ISP is your home worker using?
Some will not work

Remote H323 phones are very hit & miss, a VPN solution if possible is far more reliable.

Having said that if the phone is registering but no speech/dial-tone then I woudl say it is either a problem with Direct media path or the RTP ports in use not being open on the firewall.

A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear

 

[TelecomsTim]

Noted

Are the 9608 phones easy enough to setup in VPN mode (i.e. the phone creating the VPN rather than a remote router)?

 

[wotanuta]

Had this issue myself and had to set STUN to static port block so that it uses the ports defined in the RTP settings and once that was done all worked ok

 

[pccsipoffice]

I am going to be doing this same configuration with a 9620L phone soon.
I hope it works. Is the Public ip address forwarding to the Ip office done in the
router? If so then it would be forwaded to the ip address of the
avaya ip office found in the Lan1 tab in manager? Does the public ip address have to be
port forwarded for phones or can it be a public ip that is currently in use at the site
for other devices? Any tips on this would be appreciated.