I have an IP office 500 7.027 with a 9620L ip phone. I get the VPN tunnel established between the Sonicwall and the 9620L but no communications from the VPN to the system. The customer IT tech has the WAN-LAN and vice-versa rules set up but no traffic...any ideas?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Sonicwall TZ190 and 9620L VPN phone LAN issue
- Thread starter Trems
- Start date
IPrute in the ipo pointing to the iprange that the phone is getting?
BAZINGA!
I'm not insane, my mother had me tested!
www.lantel.nl
BAZINGA!
I'm not insane, my mother had me tested!
www.lantel.nl
- Thread starter
- #3
- Thread starter
- #4
Does the phone get an ipaddress in the range of 192.168.1.x ???
BAZINGA!
I'm not insane, my mother had me tested!
www.lantel.nl
BAZINGA!
I'm not insane, my mother had me tested!
www.lantel.nl
amriddle01
Programmer
- Thread starter
- #7
- Thread starter
- #8
Here are the settings we have...The VPN establishes no problem..just nothing after that..
Sonicwall Settings
WAN Group VPN
General Tab
Authentication Method - IKE using Preshared Secret
Name - WAN GroupVPN
Shared Secret - 12A1360A0208F9F8
Proposals Tab
DH Group - Group 2
Encryption - 3DES
Authentication - SHA1
Lifetime - 28800
Protocol - ESP
Encryption - 3DES
Authentication - SHA1
Check Enable Perfect Forward Secrecy
DH Group - Group2
Life Time - 28800
Advanced Tab
Allow Unauthenticated VPN Client Access - LAN Primary Subnet
Client Tab
Virtual Adapter settings - This Gateway Only
Allow Connections To - Set Default Route This gateway
VPN Phone Settings
VPN- Enable
VPN Vendor- Juniper
Gateway - 173.162.175.181
External Phone address- 0.0.0.0
External Router- 0.0.0.0
External Subnet- 0.0.0.0
External DNS- 0.0.0.0
Encapsulation- 4500-4500
Copy tos- no
Auth Type- PSK
IKE ID - GroupVPN
PSK - 12A1360A0208F9F8
IKE Phase 1
IKE ID Type - FQDN
DH Group - 2
Encryption ALG - 3DES
Authentication ALG – SHA1
IKE Xchange Mode - Aggressive
IKE Config Mode - Disable
XAUTH - Disable
Cert Expiry Check - Disable
Cert DN Check - Disable
IKE Phase 2
Encryption ALG - 3DES
Authentication ALG – SHA1
DH Group - 2
Protected Nets - Main office IP Scheme (i.e. 192.168.1.0/24)
IKE over TCP- Never
Sonicwall Settings
WAN Group VPN
General Tab
Authentication Method - IKE using Preshared Secret
Name - WAN GroupVPN
Shared Secret - 12A1360A0208F9F8
Proposals Tab
DH Group - Group 2
Encryption - 3DES
Authentication - SHA1
Lifetime - 28800
Protocol - ESP
Encryption - 3DES
Authentication - SHA1
Check Enable Perfect Forward Secrecy
DH Group - Group2
Life Time - 28800
Advanced Tab
Allow Unauthenticated VPN Client Access - LAN Primary Subnet
Client Tab
Virtual Adapter settings - This Gateway Only
Allow Connections To - Set Default Route This gateway
VPN Phone Settings
VPN- Enable
VPN Vendor- Juniper
Gateway - 173.162.175.181
External Phone address- 0.0.0.0
External Router- 0.0.0.0
External Subnet- 0.0.0.0
External DNS- 0.0.0.0
Encapsulation- 4500-4500
Copy tos- no
Auth Type- PSK
IKE ID - GroupVPN
PSK - 12A1360A0208F9F8
IKE Phase 1
IKE ID Type - FQDN
DH Group - 2
Encryption ALG - 3DES
Authentication ALG – SHA1
IKE Xchange Mode - Aggressive
IKE Config Mode - Disable
XAUTH - Disable
Cert Expiry Check - Disable
Cert DN Check - Disable
IKE Phase 2
Encryption ALG - 3DES
Authentication ALG – SHA1
DH Group - 2
Protected Nets - Main office IP Scheme (i.e. 192.168.1.0/24)
IKE over TCP- Never
amriddle01
Programmer
The IP phone shouldn't have an address in the same range as the system, it can't be routed correctly if it has, that's what Peter was suggesting too 
- Thread starter
- #10
amriddle01
Programmer
A VPN cannot work between sites with the same subnet, it's impossible. Any trafic for 192.168.1.X is seen (correctly) as local and therefore not routed via the gateway address
- Thread starter
- #12
- Thread starter
- #13
amriddle01
Programmer
I was able to connect my 9620L to a SonicWall NSA240 using the settings mentioned and it establishes a tunnel. However, after that point the phone appears to connect the the IPO but eventually switches to Discover x.x.x.x. According to SonicWall, the phone needs to get an IP address from the VPN appliance. Were there any other settings needed in order to get a virtual IP address on the phone from the SonicWall? It is not a subnet conflict because the main network is 192.168.0.x and the remote is 192.168.1.x
hairlessupportmonkey
IS-IT--Management
LOL at networking school 101! ;-)
you should create a VPN DHCP pool on the router and set the phone for config mode.
problem of routers on same subnets will go away.
ACSS - SME
General Geek
you should create a VPN DHCP pool on the router and set the phone for config mode.
problem of routers on same subnets will go away.
ACSS - SME
General Geek
- Status
