Avaya IP Phones, Astaro Security Gateway 220, and a Netgear FVS338 for IP Phone VPN

I am in the process of implementing some IP phones in my environment.

I got my new Avaya 5610sw phone last week and set up the VPN in my existing Astaro Gateway. The problem is that the phone has an SA lifetime of 5 days and the firewall will only accept 24 hours. I have spoken to support on both sides and neither can be changed. So I am now getting ready to purchase a Netgear FVS338 to sit behind the Astaro firewall. Avaya has tested this VPN firewall and it works with the phones. I got some new IPs and I would like to forward all the IPsec traffic coming from the new IP through the Astaro firewall to the Netgear box. I have a T1 connection with a Cisco 1841. I know nothing, absolutely nothing about Cisco routers. Will I have to configure something on the Cisco box also as far as the new IP is concerned? Also, does this solution seem viable? The idea sounds good but I'm not sure where to start as far as getting the traffic through the Astaro to the Netgear and back out.

Another question:
I would like to know if the home users connecting with the Avaya phones will be in need of a home router or if they can plug into a switch and still connect to the VPN. In the IP phone, it has settings for the gateway; would I set this to their PC's gateway if they didn't have a router? It would be the IP of the ISP gateway? I have tried with a cable connection and just a switch and it doesn't even hit the Astaro box.

Also, would there be a way to share the remote user's PC connection for the phone? New at VoIP, thanks for any help.

To address your second question first, the home users will definitely want routers. Besides providing a way for the phones and PCs to share Internet access, a router will maintain the VPN to your firewall and provide protection to your users from some basic Internet threats/issues (ensuring that they are able to do whatever it is you want them to do when on the phone).

As to your first question, I'd strongly recommend that you do not forward traffic through your Astaro to another firewall as that's bound to cause issues. An easier solution would be to connect both your Astaro and Netgear directly to the Cisco and give a public IP to each. If your Cisco router is maintained by your ISP they should be able to set this up with little difficulty. If you need to set it up yourself you can just add the command "ip address <ip> <subnet> secondary" to the interface on the Cisco that faces your internal network. This IP will be the gateway for the Netgear.


feenyx360 (Author) commented:
Before, I was going to hook the Netgear directly to the Astaro box on another interface and Astaro warned me against that. I never thought to do it the way you recommended. It sounds like a great idea. I will see what my other contacts say and this may be just the answer. Thanks for the recommendation. Kudos.
feenyx360 (Author) commented:
Is it possible without a router on the home user's side? Just curious.