79xx Phone Over VPN Connection ... How To Set Up??

ischarcm · ‎07-10-2003

I have been tasked with getting my director to be able to take home a 7940 and use it over his vpn connection back to the hospital over his cable modem. I am not sure where to start or what the steps are. He doesn't want softphone, but an actual IP Phone. The one thing I definitely know I have to do is open some range of UDP ports on the firewall, but I am not sure what the range was. I also don't know the next series of steps. Do I program the phone just as any other in the call manager (3.2)?? Are there settings on the phone itself that must be programmed differently? Please help..

c-charlebois · ‎07-10-2003

If it's over a VPN connection, you shouldn't have to open anything on the firewall, unless you have a firewall blocking your VPN. The trick is, in order for the IP Phone to use the VPN connection, the VPN needs to be hardware based. A SOHO 91 ethernet router will allow a permenent hardware-based VPN that will allow the phone to connect seamlessly (and yes, it would be configured like any other phone). An added bonus is that he won't have to start up a software VPN client on his desk/laptop.

ischarcm · ‎07-10-2003

THank you... assuming our firewall does block our vpn, what are the ports to open for udp... as I remember from someone telling me its a pretty big range.. something like 32xxx - something..

dugrant · ‎07-10-2003

16384-32768

I kind of doubt that you have a firewall blocking vpn traffic though.

zulfi · ‎07-10-2003

If you want to simplify your configuration and don't want to configure hardware based VPN than use Clarisys.com (handset) with softphone. It works great with softphone over VPN. Another advantage of using clarisys is mobility, your director can take this phone with him when he is traveling.

hope it helps.

-Zulfi

paul.harrison · ‎07-10-2003

If your Firewall is blocking VPN traffic, then

1.) fix your Firewall, it shouldn't work like this

2.) Turn on tracing on the firewall and see what it's blocking (best do it at a quiet time)

3.) Use the results of 2 to open up the ports. Most of the ports you need are well known configurations like UDP voice (16384 - 32767) but there are some odd ones (TCP 46 ??) so best approach is suck it and see.

The idea of a VPN is that it's from a known source and is encrypted, if your Firewall is blocking traffic on your VPN then you obviously do not trust the source which means the VPN is a little pointless.

Paul

orebollido · ‎07-14-2003

I was tasked the same thing. I started off with a PIX 501 with the latest version 6.3.1. I configured it as a hardward VPN client back to our 3000 Concentrator. I'm not sure if this applies to you, that's how we got our 7940 IP phone behind the PIX to connect to our CallManager. We have tested it on a cable and DSL modem.

Here's the link that got me started:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094cf8.shtml

alai · ‎07-16-2003

If he's at home using a cable modem, he's probably not on static IP. His ISP is either providing him an IP through PPPoE or dhcp. What I would do in this situation is set up Pix 501 behind his cable modem or router and set up the outside interface of 501 accordingly- either PPPoE or dhcp. You'd then set up dynamic VPN between the office and the Pix 501 so that you don't need a static IP remotely.

Once you have VPN established, the phone should get all the settings dynamically via dhcp from the inside interface of the 501. Make sure you include the voice vlan in the nonat statements for your VPN.