Filter
Top Products
VPNremote for 4600 Series IP Telephone Installation and Deployment
Avaya Inc. - Proprietary
Use pursuant to Company Instructions.
10
Phone 1645 No UDP
QTEST
Phone 1645 No No
3.8 Firewall rules on the public side of the security gateway
Use the table below to create firewall rules on the public side of the security gateway
Source Source
Range
Config-
urable
source
protocol Destination Dest
Range
Configura
ble dest
Response
from dest
Phone Any No TCP
TLS
SG public
interface
1443 No Yes
Phone Any No UDP
IKE /
IPsec
SG public
interface
500 No Yes
Phone Any No UDP
IKE /
IPsec
SG public
interface
4500 No Yes
Phone NA NA ESP (51) SG public
interface
NA NA NA
3.9 Manufacturer specific issues
This section highlights the known manufacturer specific issues which interfere with
VPNremote phones functionality.
3.9.1 Cisco systems, Inc. VPN 3000 series concentrator
1. Under Client FW tab of the VPNremote phone group “No Firewall” option must
be selected for the attribute “Firewall Setting”.
2. Under HW Client tab of the VPNremote phone group, all attributes must be left
unchecked.
3. Under NAC tab of the VPNremote phone group “Enable NAC” must be left
unchecked.
4. Under IPsec tab of the VPNremote phone group, the value for attribute“Client
type & Version limiting” must be left blank.
5. VPNremote phones users will not be able to change password upon password
expiry when using Radius with expiry.
4.9.1.1 Symptoms:
In case of 1,2,3 and 4 VPNremote phone will fail to complete IKE phase 2.
In case of 5 authentication failure after password expiry.
3.9.2 Juniper/Netscreen
1. Security Gateway must be running Screen OS 5.1.0 or higher.
2. Disable H.323 ALG unless the gateway has patch XXXX installed.
3. Disable shuffling on Call Server.
4.9.2.1 Symptoms: