How to configure WAN GroupVPN for Avaya Phones
03/26/2020 84 People found this article helpful 481,600 Views
Description
This article explains how to configure WAN Group VPN for use with Avaya IP Phones VPN.
Resolution
On the SonicWall, configure WAN Group VPN and enable IKE Mode Configuration:
TIP: If you are on 6.5.4 firmware and above, please remember to enable the GroupVPN on the WAN interface under Manage | Network | Interfaces - edit the desired WAN Interface, under the Advanced Tab select
On the Avaya Phones set following:
VPN Config. | General
> VPN = Enabled
> VPN Vendor = Other
> Gateway Address = SonicWall Public IP (or FQDN if IP is dynamic)
> External phone IP = Blank / 0.0.0.0
> External router = Blank / 0.0.0.0
> External subnet mask = Blank / 0.0.0.0
> External DNS server = Blank / 0.0.0.0
> Encapsulation = 4500-4500
> Copy TOS = No
****click right arrow****
VPN Config. | Auth. Type
> Auth type = PSK with XAUTH
TIP: If user authentication is disabled on the GroupVPN (not recommended), set this to "PSK"
****click right arrow****
VPN Config. | User Cred.
> VPN user type = Any
> VPN user = set the Username configured for VPN access for Avaya in SonicWall
> Password Type = Save in flash
> User Password = set the Password configured for the Avaya user in SonicWall
****click right arrow****
VPN Config. | IKE PSK
> IKE ID (Group name) = GroupVPN (skip the "WAN" and space)
> Pre-Shared Key (PSK) = type in Preshared Key set on the SonicWall for Group VPN
****click right arrow****
VPN Config. | IKE PHASE 1
> IKE ID type = IPV4_ADDR (or "FQDN" if FQDN was used before - see Gateway address value under VPN Config. | General)
> IKE Xchange mode = Aggressive
> IKE DH group = 2
> IKE Encryption Alg. = AES-256
> IKE Auth. Alg. = SHA1
> IKE Config. Mode = Enabled
****click right arrow****
VPN Config. | IKE PHASE 2
> IPSec PFS DH group = 2
TIP: If PFS is disabled on Group VPN set this to "None"
> IPSec Encryption Alg. = AES-256
> IPSec Auth. Alg. = SHA1
> Protected Network: 0.0.0.0/0
> IKE Over TCP: Never
NOTE: IKE phase 1 and 2 settings have to match settings made on GroupVPN
After completing the settings, test the connection.
See also:
Understanding and Troubleshooting Common Log Errors Regarding VPN Policies and GVC - https://www.sonicwall.com/support/knowledge-base/?sol_id=170505246309804
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!
Related Articles
Categories