[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 986
  • Last Modified:

Avaya IP Phones, Astaro Security Gateway 220, and a netgear fvs338 for IP Phone VPN

I am in the process of implementing some ip phones in my environment.

I got my new Avaya 5610sw phone last week and set up the VPN in my existing Astaro Gateway.  The problem is that the phone has an SA lifetime of 5 days and the firewall will only except 24 hours.  I have spoken to support on both sides and neither can be changed.  So I am now getting ready to purchase a Netgear FVS338 to sit behind the Astaro firewall.  Avaya has tested this VPN firewall and it works with the phones.  I got some new ips and I would like to forward all the ipsec traffic coming from the new ip through the Astaro firewall to the Netgear box.  I have a T1 connection with a Cisco 1841.  I know nothing, absolutely nothing about Cisco routers.  Will I have to configure something on the Cisco box also as far as the new ip is concerned?  Also does this solution seem viable?  The idea sounds good but I'm not sure where to start as far as getting the traffic through the Astaro to the Netgear and back out.

Another question:
I would like to know if the home users connecting with the Avaya phones will be in need of a home router or if they can plug into a switch and still connect to the vpn.  In the ip phone, it has settings for the gateway, would i set this to there pcs gateway if they didn't have a router.  It would be the ip of the ISP gateway?  I have tried with a cable connection and just a switch and it doesn't even hit the Astaro box.

Also, would there be a way to share the remote users pc connection for the phone?  New at VOIP, thanks for any help.
  • 2
1 Solution
To address your second question first, the home users will definitely want routers. Besides providing a way for the phones and PCs to share internet access a router will maintain the VPN to your firewall and provide protection to your users from some basic Internet threats/issues (ensuring that they are able to do whatever it is you want them to do when on the phone).

As to your first question, I'd strongly recommend that you do not forward traffic through your Astaro to another firewall as that's bound to cause issues. An easier solution would be to connect both your Astaro and Netgear directly to the Cisco and give a public IP to each. If your Cisco router is maintained by your ISP they should be able to set this up with little difficulty. If you need to set it up yourself you can just add the command "ip address <ip> <subnet> secondary" to the interface on the Cisco that faces your internal network. This IP will be the gateway for the Netgear.

feenyx360Author Commented:
Before I was going to hook the netgear directly to the astaro box on another interface and astaro warned me against that.  I never thought to do it the way you recommended. It sounds like a great idea.  I will see what my other contacts say and this may be just the answer.  Thank for the recommendation. Kudos
feenyx360Author Commented:
Is it possible without a router on the home user's side? Just curious.

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now