Avaya 4600 IP Phone User Manual


 
VPNremote for 4600 Series IP Telephone Installation and Deployment
Avaya Inc. - Proprietary
Use pursuant to Company Instructions.
3.5 Welcome Banner
Many security gateways provide a mechanism to deliver a Welcome Banner containing
arbitrary text. The Welcome Banner (or, in the case of the Avaya SG, the client legal
message) can be used to deliver script text to the VPNphone when the VPN is being
established. Configuration parameters, or changes to configuration parameters, that are
the same for all VPNphones can be delivered using this scripting method.
The script portion of the banner message is indicated by the <START_SCRIPT> and
<END_SCRIPT> commands. Any text after the script is delivered as a welcome banner.
Within the script, commands that would appear in the 46XX_settings.txt file can be
delivered. For example:
<SCRIPT_START>
SET MCIPADD callserver.intranet.com
SET TFTPSRVR myfserver.intranet.com
SET TFTPDIR path
<SCRIPT_END>
The script start and end markers are case sensitive.
If script start and end markers are not present in the Welcome Banner, VPNremote
phones ignore it.
4.5.1 Avaya proprietary CCD method
The Welcome Banner is referred to as the “Client Legal Message”. It is sent to the IPsec
clients prior to user authentication; hence it is advised that you don’t use it for sending
information that you consider sensitive. For example, use DNS names instead of actual IP
addresses; otherwise a potential intruder who may be randomly scanning for applications
that could be attacked may discover an IP address of the DNS server within the protected
network.
4.5.2 Xauth with preshared key method
At the present time, the only SG known to support a welcome banner is the Cisco VPN 3000
series concentrator. This device sends the Welcome Banner only after validating user
credentials; hence you can put any information in the welcome banner that you are willing
to share with VPNremote phone users.
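The following is an added example, not part of the Avaya manual: a pre-deployment check in Python that parses a banner the way section 3.5 describes and flags literal IP addresses when the banner is sent before authentication (the 4.5.1 case). It assumes the marker spelling used in the manual's sample script; the function names and sample banners are constructed for illustration.

```python
import ipaddress
import re

# Assumption: marker spelling follows the manual's sample script.
START, END = "<SCRIPT_START>", "<SCRIPT_END>"
SET_LINE = re.compile(r"^SET\s+(\S+)\s+(.+)$")

# Constructed sample banners, not captured from a real gateway.
GOOD = ("<SCRIPT_START>\nSET MCIPADD callserver.intranet.com\n"
        "SET TFTPSRVR myfserver.intranet.com\n<SCRIPT_END>\nAuthorized use only.")
LEAKY = ("<SCRIPT_START>\nSET MCIPADD 192.0.2.10\nSET TFTPDIR path\n"
         "<SCRIPT_END>\nAuthorized use only.")


def parse_banner(banner):
    """Return (settings, banner_text); settings is None if the markers are absent."""
    start = banner.find(START)  # str.find is case sensitive, as the markers are
    end = banner.find(END, start + len(START)) if start != -1 else -1
    if end == -1:
        return None, banner
    settings = []
    for line in banner[start + len(START):end].splitlines():
        match = SET_LINE.match(line.strip())
        if match:
            settings.append((match.group(1), match.group(2).strip()))
    return settings, banner[end + len(END):].strip()


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit_banner(banner, sent_before_auth):
    """Return findings to resolve before the banner is published on the gateway."""
    settings, _ = parse_banner(banner)
    if settings is None:
        if START.lower() in banner.lower() or END.lower() in banner.lower():
            return ["script markers incomplete or in the wrong case; phones will ignore it"]
        return []
    if not sent_before_auth:
        return []
    return [f"{name} exposes IP literal {value} before authentication"
            for name, value in settings if is_ip_literal(value)]
```

Call `audit_banner(text, sent_before_auth=True)` for a gateway that sends the banner before authentication and `sent_before_auth=False` for one that sends it only after validating credentials.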
3.6 Reauthentication on ReKey
This setting is specific to the Xauth with preshared key method. It is highly recommended
that you disable Reauthentication on Rekey if VPNphones are configured to prompt for a
password every time a rekey is required, or when using token-based authentication. If
reauthentication on rekey is used, the VPNphone will become disconnected from the