Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Connecting 9608 Remote Sets options

Connecting 9608 Remote Sets options

Connecting 9608 Remote Sets options

Well I have been trying to avoid this, but it fell in my lap.
I have a customer with an IP Office 500 V2 Build 5 Essential Edition
The previous vendor sold then 3 each 9608 sets for Remote VOIP
Along with 3 endpoint licenses

Site A is where the IP 500 is at
And Site B is the Remote site where the 3 phones will be located

I have never before attempted to do any type of Remote sites
And have always used another Vendor when something like this was above my head
However, he decided to get out of the business all together
I myself have only been doing local IP systems

Site A has a Spectrum Modem that is in Hybrid mode and we have a Public Static IP address to use
There is no router on site and they are just using DHCP from the modem. Only a total of 6 wired devices on site
Everything else is using WiFi. Even the printers
Still trying to verify with Spectrum if they are using any WiFi from the Spectrum modem. I don't think they are. There is another AP device connected

Site B has a Spectrum Modem with just DHCP enabled on it where the Remote phones will be
They also have a POE Switch for me to use

Looking for advice to set this up. And since I have never done this before. I wouldn't mind paying another vendor in the San Antonio / Austin area to do this for me
Both sites are in Austin TX

Thanks in advance

RE: Connecting 9608 Remote Sets options

Get a pair of Sonicwalls (or similar) and build a VPN tunnel between the sites.

RE: Connecting 9608 Remote Sets options

On your firewall/router port forward ports 1719 UDP and 1720 TCP to the IP Office IP address.
Also, port forward RTP ports range 49152 thru 53246. If the range is too large, then use 10 or 20 of those ports only.
In Manager go to System/LAN1/VOIP and make sure H323 Gatekeeper is enabled. Also, make sure H323 Remote Extension Enable is checked.
Then in System/Network Topology fill the Public IP Address field and set up the Firewall/NAT Type field with the Static Port Block setting. These changes will require a reboot.
Then after the system reboot, in Manager go to the user and checkmark 'Enable Remote Worker'.
Also, go to Extensions and put a password there.
On the phone side, reboot the phone and when you see Program *, press the * (star) and enter the password CRAFT of 27238#
Then go to ADDRR and enter on the Call Server and HTTP Server fields enter the public IP address go Back and Exit to reboot.
The phone will reboot and if everything is set up properly, it will start downloading the files. At the very end will ask for the Extension and Password.

Good Luck.

RE: Connecting 9608 Remote Sets options

All hackers in the world would be very happy if you do it this way...

Free phonecalls from now on...

RE: Connecting 9608 Remote Sets options

That RTP range hasn't been default in IPO since 9.0 due to the fact that it opens access to management.

"Trying is the first step to failure..." - Homer

RE: Connecting 9608 Remote Sets options

Thanks for the info guys
Going to use the VPN as recommended
Their IT guy says that we only need One Sonic Wall at the IP 500 Site where the Static IP is
And I'm thinking to myself that you need one on each end for Open VPN since the phone side does not have a Static IP Address
Which one of us is full of BS?

RE: Connecting 9608 Remote Sets options

A single SonicWall at the site with the IP 500 and the static IP address. Make sure the local subnet is something that won't be used at the remote site(s). Program the "GroupVPN" on the SonicWall and the VPN settings in the phone.

RE: Connecting 9608 Remote Sets options

I took your advice Touch Tone Tommy
I got the SonicWall up and running at the IP 500 site
Have a Phone connected at the remote side
Came up and asked for extension and password. Which I entered
Then just stays in Discover with the LAN IP address of the IP 500 showing
Just noticed that you said to enter VPN settings on the phone
I enabled VPN
VPN Vendor is set as other
Then it asked for Gateway Address. Is this the Router Public Gateway or what?

And my Data guy is asking me if any ports need to be forwarded.


RE: Connecting 9608 Remote Sets options

No port forwarding.
Disable H.323 Transformations on VoIP > Setting of SonicWall

SonicWall Group VPN
Authentication Methood: IKE using Preshared Secret
Name: WAN GroupVPN
Shared Secret: {Password (PSK) goes here}
IKE (Phase1)Proposal
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
LifeTime (seconds): 28800
Ipsec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: UNchecked
Life Time(seconds): 28800
Everything is UNchecked
Default Gateway:
Allow Unauthenticated VPN Client Access: LAN Subnets
Everything is UNchecked
Cache XAUTH User Name and Password on Client: Never
Virtual Adapter settings: None
Allow Connections to: Split Tunnels

Avaya 9608 phone
VPN: Enabled
VPN Vendor: Juniper\NetScreen
Gateway Address: Public IP address of SonicWall
External Phone IP Address:
External Router:
External Subnet Mask:
Encapsulation: 4500-4500
Copy TOS: No
Auth Type: PSK
IKE ID (Group Name): GroupVPN
Pre-Shared Key (PSK): Password (PSK) from SonicWall
IKE ID Type: Key_ID
IKE Xchg Mode: Aggressive
IKE DH Group: 2
IKE Encryption Alg: 3DES
IKE Auth Alg: SHA-1
IKE Config Mode: Disabled
Ipsec PFS Group: No PFS
Ipsec Encryption Alg: 3DES
Ipsec Auth Alg: SHA-1
Protected Network: a.b.c.0/24 (Subnet and mask of IP Office)
IKE over TCP: Auto

Set Call Server and HTTP Server to Internal IP address of IP Office (ADDR section of Craft menu)

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close