Avaya 4600 IP Phone User Manual


 
VPNremote for 4600 Series IP Telephone Installation and Deployment
Avaya Inc. - Proprietary
Use pursuant to Company Instructions.
2. Third Party Security Gateways using Xauth with Preshared Key: The VPN
Phone will communicate with any third party security gateway that strictly
implements Xauth with preshared key. IKE Extended Authentication (Xauth)
is a draft RFC developed by the Internet Engineering Task Force (IETF) based on the
Internet Key Exchange (IKE) protocol. Xauth allows security gateways to
perform user authentication in a separate phase after the IKE authentication phase
1 exchange is complete. The VPNphone uses the preshared key to authenticate the
security gateway and create a temporary secure path to allow the end user to
present credentials to the gateway. After user authentication is successful, the
security gateway sends an IP address from the Client IP Address pool, the IP address
of the DNS server, and the Welcome Banner. The VPN Phone has been tested
with the Xauth with preshared key implementations of Cisco and
Juniper security gateways; however, any security gateway that processes Xauth with
PSK exactly like the Juniper or Cisco gateway should work with the VPNphone.
All of the supported security gateways have several options and must be configured to
support the creation of a VPN tunnel with the VPNphone. To support the VPNphone, the
administrator of the security gateway must prepare the security gateway for remote
access using one of the methods mentioned above. Refer to the manufacturer-provided
admin guide for all the procedures necessary to configure the gateway.
To verify the configuration steps, you can use the manufacturer-provided IPsec Client to
set up a VPN tunnel using the protocol selected. If the VPN tunnel is successfully
established, you have verified that the security gateway is correctly configured and the
step of creating a VPN tunnel between the VPNphone and the security gateway should be
successful.
The remainder of this section will provide the needed sets of capabilities that must be
configured into the security gateway to support successful interactions between the
gateway and the phone. Each of the paragraphs describes the most common of these VPN
Configuration parameters and their relevance to VPNremote phones as IPsec clients.
3.1 IKE and IPsec Configuration
4.1.1 Avaya Proprietary CCD protocol
All the necessary interactions between the VPNphone and an Avaya security gateway are
handled using default configurations; therefore, no actions must be taken with respect to
the security gateway.
4.1.2 Xauth with Preshared Key method
By default, VPNremote phones send the following proposal list during phase 1 negotiation,
so the security gateway should be configured to accept one of these IKE parameter sets:
1. AES-128,HMAC-SHA1,DH-2
2. AES-128,HMAC-MD5,DH-2
3. 3DES,HMAC-SHA1,DH-2
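
The following Python pre-check is an added example, not part of the Avaya manual: it compares a gateway's phase 1 policy list against the three default proposals above and reports which fields mismatch. The gateway policy strings are constructed, and treating the first fully matched phone proposal as the selected one is an assumption; real gateways may apply their own priority order.

```python
# Added example: pre-check a gateway's IKE phase 1 policies against the
# phone's default proposal list (the three entries listed above).
PHONE_PROPOSALS = [
    "AES-128,HMAC-SHA1,DH-2",
    "AES-128,HMAC-MD5,DH-2",
    "3DES,HMAC-SHA1,DH-2",
]
FIELDS = ("encryption", "hash", "dh_group")

def parse_proposal(text):
    """Split 'AES-128,HMAC-SHA1,DH-2' into a normalised field dict."""
    parts = [p.strip().upper() for p in text.split(",")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {text!r}")
    return dict(zip(FIELDS, parts))

def check_gateway(gateway_policies, phone_proposals=PHONE_PROPOSALS):
    """Return (selected, report).

    selected: first phone proposal that some gateway policy matches on
              every field, or None (phase 1 would fail to agree).
    report:   for each phone proposal, the fields that still differ in
              the closest gateway policy (empty list means a full match).
    """
    policies = [parse_proposal(p) for p in gateway_policies]
    selected, report = None, {}
    for text in phone_proposals:
        offer = parse_proposal(text)
        diffs = [[f for f in FIELDS if pol[f] != offer[f]] for pol in policies]
        closest = min(diffs, key=len, default=list(FIELDS))
        report[text] = closest
        if not closest and selected is None:
            selected = text
    return selected, report

# Constructed gateway policy lists (hypothetical, for illustration only).
GATEWAY_OK = ["AES-256,HMAC-SHA1,DH-5", "3DES,HMAC-SHA1,DH-2"]
GATEWAY_BAD = ["AES-128,HMAC-SHA1,DH-5"]  # right cipher and hash, wrong DH group

if __name__ == "__main__":
    for name, pols in (("ok", GATEWAY_OK), ("bad", GATEWAY_BAD)):
        sel, rep = check_gateway(pols)
        print(name, "->", sel or "no proposal chosen")
        for offer, missing in rep.items():
            print("   ", offer, "mismatch:", ", ".join(missing) or "none")
```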