You need to use https over port 443 or 411(preferred) and a valid FQDN and a valid configurated certificate.
Enable System > LANx > "Use Preferred Phone Ports" to enable the use of port 411
Enable the Gatekeeper, SIP registrar and "Layer 4 Protocol" TLS>
Fill in the WAN ipaddress in system > LANx > "Network Topology" > "Public IP Addrss"
Fill in System > DNS data
Enable System > VoIP > VoIP > "Direct Media Within NAT location" if Voip audio fails
Set System > VoIP > VoIP Security to "Preferred". This is optional, it has impact to all IP Phones!
Assign the appropriate users a "Power User" License and enable "One-X Portal Services", "Enable Desktop/Tablet Voip Client" and "Enable Mobile VoIP Client" only
Get a DNS A-record like voip.customerdomain.com assigned to the customers WAN IP Address
On the local DNS server voip.customerdomain.com must point to the local IP Office IP Address.
On the firewall forward TCP port 411 and 5061 to IP Office and forward UDP 46750 upto 50750 towards the IP Office.
The below part about the 46xxsettings file is only to to bypass a bug in the Equinox Client 3.5.5 using a 3rd party Certificate.
First what is needed is to download a copy of the AUTOGENERATED 46xxsettings.txt file using your browser. You may need to change the HTTP setting in system configuration to disable http for Avaya Clients only to be able to download this file.
Modify the 46xxsettings file under the heading "# SETTINGSK1XX" and add "SET TLSSRVR voip.customerdomain.com"
Next modify the 46xxsettings file, find the section "# SETTINGSEQNX" and add a line after it with the FQDN for your system as follows "SET TLSSRVR voip.customerdomain.com"
At the bottom of the SETTINGSEQNX section there is a line that states "GOTO END" modify that line to "GOTO NONSPECIALS"
Then at the bottom of the entire fill add in "# NONSPECIALS"
Your additions should look like this in the file:
## IPOFFICE/11.0.4.0.4 build 1 192.168.110.30 AUTOGENERATED
# SETTINGSK1XX
SET TLSSRVR ipo.domain.com
-----------------------------------
# SETTINGSEQNX
SET TLSSRVR ipo.domain.com
GOTO NONSPECIALS
# SETTINGS1603
----------------------------------
# END
GET 46xxspecials.txt
# NONSPECIALS
Configure a self signed certificate in IP Office using the security manager and use these parameters:
The Subject Alternative Name(s) field should include the following entries, each separated by a comma. Multiple entries are required if using both LAN1 and LAN2:
DNS entries for the system's LAN1 and/or LAN2 SIP Domain Name, eg. DNS:voip.customerdomain.com
[ul][li]DNS entries for the system's LAN1 and/or LAN2 SIP Registrar FQDN, eg DNS:voip.customerdomain.com[/li]
[li]IP entries for the system's LAN1 and/or LAN2 IP addresses, eg. IP:192.168.42.1, IP:192.168.43.1[/li]
[li]If supporting remote workers, add an IP entry with the public IP address of the IP Office.[/li]
[li]SIP URI entry for the LAN1 and/or LAN2 SIP Domain Name, eg. URI:sip:voip.customerdomain.com[/li]
[li]SIP URI entry for the LAN1 and/or LAN2 IP address, eg. URI:sip:192.168.42.1[/li]
[li]If using a separate HTTPS file server, add a SIP URI entry for the file server's domain name.[/li]
[/ul]
Install the certificate if the IP Office onto the device
Install Equinox as per manual and use "
as the website to connect to FQN=voip.customerdomain.com