IP communicator from LAN over WAN port

Unanswered Question
Feb 20th, 2009

I have been trying to test the ip communicator on our lan with no success.

currently I have a UC520 device with a couple of 524 IP phones for testing

and learning. I have connected the unit to our LAN using the wan port.

I have assign the wan port an IP address from our lan and thas how I'm

able to manage the unite via telnet from our lan. I'm also able to launch ccme from

a PC on the lan using the ip on the wan interface.

I have installed ip communicator on test laptop connected to one of the ports of the UC520 and

it works great.

I would like to install IP communicator on a PC on my lan and be able to register with the UC520.

Currently both the data and phone vlan are using the factory default subnets.

What do I need to do in order to be able to use IP communicator from the LAN that is direcctly

connected to the want port of the UC520?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Steven DiStefano Fri, 02/20/2009 - 08:11

I think I follow :-)

The test configuration may be the challenge, as the IP communicator needs to route to 10.1.1.1 so you may have to verify routing from your corporate LAN router and PC to route via the GW of the UC500 WAN IP, which in your cases is a LAN IP of a different network, and adjust FW since thats really not intended operation for FE0/0.

The fact that CIPC works great on the UC500 LAN is as designed.  To operate CIPC remotely, it is usually behind a ISR871 remote teleworker or SR520W teleworker with an IPSec tunnekl to the UC500 WAN.

Does this make any sense or am I off track?

rjazar2007 Wed, 03/25/2009 - 03:43

Hi,

I think I have the same issue and i need to open an IP communicator and connect remotely through VPN to the UC500.

the UC500 is behind a DSL router (Fortinet), I tried to connect the DSL router to the WAN port of the UC500 and I deleted all firewall settings.

the static ip route between 192.168.10.0 and 10.1.1.1 is already configured in the UC500 by default.

do I need additional configurations?

Thanks in advance,

JOHN NIKOLATOS Wed, 03/25/2009 - 05:47

Rjazar - For this to work, you have to do a few things on your firewall.   You have to make sure that you tunnel the IP addresses for both your data VLAN and your voice VLAN.  So can you PING the 10.1.1.1 server and the 192.168.10.1 server?

Now there is another question I have and some information.  Like the post above...  You do not have to use the UC500 WAN port at all.  If you have a firewall that is capable of VPN then you would not use the WAN port of the UC500 unless you have a reason to.  The UC500 can be the VPN and the Firewall but it does not have to.  In this senario, you would plug the Fortinet into the LAN ports of the UC500 just like any inside device.  The WAN port on the UC500 will not be connected.

You can connect to the UC500 WAN port, but you will have to make a private network between the UC500 and the forinet, properly configure NAT on the fortinet and routing between the 2 devices for all networks.

Ohh my question...  Do you want to use the fortinet for the firewall or the UC500.  If it is the UC500 I would just bypass the forinet and properly set up the uc500 to firewall and nat for you.

rjazar2007 Wed, 03/25/2009 - 06:02

Thanks jnikolatos for your quick reply,

The Fortinet router i am using is the firewall and VPN, so no need for the WAN port as you are saying.

the ping through VPN is stopped for security reasons. but I am trying to put 192.168.10.1 in the address bar of the browser, it does not work.

does the denying of using ping affect my connection to the UC500?

Please note: that my UC500 is connected to a CE520 switch. so I can connect the router directly to the switch.

THANKS

rita.azar Wed, 07/22/2009 - 09:44

Hi,

I understand that we have t ohave to use the LAN port of the UC500 if it is behind a router and the router is doing VPN and firewall.

if the corporate network is different than 192.168.10.0 , in this case do you suggest t ochange the default ip of the uc500  and the ce520 switch or to use a router with two ethernet ports and two between them ?

what solution is preffered?

thanks,

Marcos Hernandez Thu, 07/23/2009 - 07:17

I am not sure I understand your question, but CIPC does NOT have to be directly connected to UC500 to operate...

Marcos

rita.azar Thu, 07/23/2009 - 09:17

I am not asking about CIPC which I set it remotely and I connected it to company's network through VPN, and it is working properly.

the company network is 192.168.10.0 255.255.255.0 and the uc500 default data network is 192.168.10.0 255.255.255.0, so I connected the LAN interface of the UC500 to the router interface because the works as VPN and firewall

but I am wondering if the company's network is different than 192.168.10.0 do we have to connect the WAN to the router OR

to use a router with 2 LAN interfaces and to route between them?

are these solutions right? which one do you suggest ?

thanks

JOHN NIKOLATOS Fri, 02/20/2009 - 08:21

The issue is the way you placed it in your LAN.  First of all, you do not need to place it in your LAN to test IP COMMUNICATOR.  So simply install the software on your laptop of PC and plug that device into the UC500.  You may have to RIGHT CLICK on the software client and set the IP address of your TFTP server (UC500 device) typically at 10.1.1.1 by default.

To hook the UC500 to your internal pre-existing LAN, you would most likely use a LAN port not hte WAN port.  The WAN is to interface with the ISP, by default firewalling and other things will make it hard to test because NAT and firewalling will have to be set up properly.

JMadrugaADM Fri, 02/20/2009 - 09:04

Would I be able to use the ip communicator from the regular lan through the uc520 lan port if configured porpperly?

JOHN NIKOLATOS Fri, 02/20/2009 - 09:11

yes you could.

Remember that the UC500 has VLAN's and your internal switches may or may not support this.  So you would have to match up the VLan's.  But most likely just plug your Uc520 into your switch using a LAN port.  As long as you are on the same IP subnet.... you can use it.

JOHN NIKOLATOS Wed, 03/25/2009 - 07:40

Sounds like you are blocking more than ICMP.   You are going to need to be able to test connectivity.  You could also try 10.1.1.1 address and 10.1.10.1

Right now you have a connectivity issue.  Also make sure you are defining the TFTP server under your softphone (right click on the softphone screen) and that you can load the softphone locally first because the MAC address has to be defined with an extension.

rjazar2007 Wed, 03/25/2009 - 08:23

do you mean that the firewall is blocking ports needed by the UC500 ? the file that Marchen posted shows the ports that are used by the UC500

knowing that the VPN is working fine and I am able to connect to a server in the network.

concerning The softphone I already added the CIPC in the CCA  and  I set my TFTP server to 10.1.1.1.

another issue I faced when I directly connected my PC with softphone to the UC500, it is shown in the but it seems that Vista which is runnig on my laptop is unsupported.

after a research I found that it must be working.

thanks

Actions

This Discussion