×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Sonicwall TZ215 VPN Phones
2

Sonicwall TZ215 VPN Phones

Sonicwall TZ215 VPN Phones

(OP)
I have been trying to get a VPN phone working with a Sonicwall TZ215 FW:Enhance 5.8.1, the phone is a 9608 going to an IPO R:9.1.3. The IT provider that I have been working with has given me this email which states that Sonicwall will not work with the VPN phones.

This is not going to happen this way. The firmware used in your link is much older than what we are using. As stated by SonicWALL this will not work with newer models and firmware. So I cannot spend any more time on trying to get this to work.

There subnet they have for their network 192.168.1.x 255.255.255.0 /24. It is entered as a network. Not a range, not a host.

The log says there VPN log does not meet phase 2. But it’s very limited as they have no view point server for logging, or something similar. You got about 60 seconds worth data saying the same thing on your end.

So you can modify your settings however you want. You have all of the info needed to connect, if the phone is capable.

VPN’s need to renegotiate all the time whenever they come from different routes. So when a route changes your device will not auto negotiate the tunnel again causing us to bounce their VPN tunnel. The Sonicwall will keep trying to communicate on the old tunnel with its initial SA until it’s been bounced.

We are getting past the phase 1 but it fails on phase 2, we have checked this against the Sonicwall and it seem OK but I have been through this before and gotten it working when we get the right person looking at the Sonicwall. Has anyone gotten this working so that I can tell the IT provider to pound sand and fix his settings?
Mike

RE: Sonicwall TZ215 VPN Phones

It has been a while since I've set up a VPN with a Sonicwall on a new install, but I have added a few to old installations somewhat recently. The only issue I've had was that sometimes I had was with the Protected Nets entry in the phone. Sometimes I had to leave it blank for the phone to work and sometimes I needed to put in the Remote Net information.

I assume your familiar with the Tech Tip for the VPN phone setup with Sonicwalls, but perhaps one of these which focus on the Sonicwall setup might help your IT vendor.

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0
http://downloads.avaya.com/css/P8/documents/003854...

Application Notes for Configuring a SonicWALL VPN solution with an Avaya IP Telephony Infrastructure using Avaya IP Office in a Converged VoIP and Data Network - Issue 1.0
http://devconnectprogram.com/fileMedia/download/dd...

I've always done both the Sonicwall setup and the VPN phones and honestly it was very simple. I actually strongly dislike the Sonicwall programming interface but continued to use it because it was cost effective enough and so simple to setup. Sonicwall still boasts of being an Avaya Devconnect Partner and Avaya is still listed on their website as one of their technology alliance partners. It is possible that they no longer support Avaya VPN phones in their new firmware, but I haven't read or heard anything to that effect. It would also be odd given that they still seem to be an Avaya Devconnect partner.

RE: Sonicwall TZ215 VPN Phones

If its failing on Phase 2 then you have a mis match of settings on phase 2 between the sonicwall and your phone.

On the phone verify your VPN Config in the IKE Phase 2 section, one of these settings is not matching.

I have mine set to DH Group 2, 3DES, SHA-1 , 0.0.0.0/0, and Never for IKE over TCP.

RE: Sonicwall TZ215 VPN Phones

2
We have hundreds of VPN phones connecting back to Sonicwalls. They are one of the easier ones to setup.

Here is a doc you can pass to the IT guys - this is tried and tested and designed to be simple to follow - https://www.dropbox.com/s/qnpg0s2ya43qiua/SonicWal...

Then we give them another document that has the following on it to show what we have to enter onto the phone

Company Name Pinnacle
Phone Type 96xx
CallServer IP address of phone system
Profile Other
Auth Type PSK With Xauth
Server x.x.x.x
Username Username created during previous document
Password Password created during previous document
Group Name GroupVPN
Group PSK Presharedkey
VPN Start Mode Boot
Password Type Save in Flash
Encapsulation 4500-4500
Syslog Server N/a

IKE Parameters
IKE ID Type FQDN
Diffie-Hellman Group 2
Encryption Alg 3DES
Authentication Alg SHA-1
IKE Xchg Mode Aggressive
IKE Config Mode Disabled
Xauth Disabled
Cert Expiry Check Disabled
Cert DN Check Disabled

IPSec Parameters
Encryption Alg 3DES
Authentication Alg SHA-1
Diffie-Hellman Group 2

Protected Nets
Virtual IP
Remote Net #1 192.168.x.0/24
Remote Net #2
Remote Net #3
Remote Net #4
Remote Net #5

Copy TOS No
File Svr 0.0.0.0
Connectivity Check First time
Qtest No


Using this document (with all correct details entered) even our junior engineers can quickly and easily configure a new VPN handset.

| ACSS SME |

RE: Sonicwall TZ215 VPN Phones

Pepp77 you are a legend peace

RE: Sonicwall TZ215 VPN Phones

I wouldn't go that far @tidypants!! It'll go to his head winky smile

ACSS (SME)

RE: Sonicwall TZ215 VPN Phones

(OP)
Thanks for the info Pepp77, I believe that the IT provider missed the enable perfect forwarding secrecy setting. I am having him turn it on now and will let you know.
Thanks Mike

RE: Sonicwall TZ215 VPN Phones

(OP)
Hey Pepp will this also work with the 46XX series phones?
Mike

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close