Filter
Top Products
VPNremote for 4600 Series IP Telephone Installation and Deployment
Avaya Inc. - Proprietary
Use pursuant to Company Instructions.
4
2 Introduction
This document describes how to install VPNremote firmware on 4600 series IP
Telephone product line. The 4600 Product line of IP Telephone consist of multiple
models; not all of which have the capability to support VPNremote firmware. The table
below lists all the 4600 series IP telephone models and indicates those which will support
VPNremote firmware.
IP Telephone Model VPNremote supported
4601 No
4602 No
4602SW No
4610SW Yes
4620 No
4620SW Yes
4621SW Yes
4622SW Yes
4625SW Yes
4630 No
4630SW No
4690SW No
3 Preparing Security Gateway for Remote Access
To create a successful VPN tunnel, the VPNremote phone must be capable of setting up
IPsec tunnel between itself and a Security Gateway. The VPN phone can use any of the
methods discussed below depending upon the type of security gateway used:
1. Avaya Security Gateway: When the VPNremote phone establishes a TLS
session with an Avaya security gateway (VSU or SG) it uses the Avaya
Proprietary CCD protocol. During the TLS handshake portion of the CCD
protocol, the phone verifies that the certificate presented by the security gateway
is issued by a trusted Avaya Certificate Authority (CA). The next phase involves
the exchange of user credentials. After that user credential are sent to the security
gateway, if user credentials are correct, the security gateway sends the IKE
configuration necessary for establishing IPsec SAs, an IP address from the Client
IP Address pool, the IP address of the DNS server, a List of protected IP Subnets
and the
Welcome Banner. This set of information is sufficient to create the VPN
tunnel and to allow the IP phone code to communicate with its CM to become
operational.