Avaya 5610SW IP Phones and Sonicwall NSA240

what are you using on the phones to establish the vpn? are you sure the settings are correct...i know, stupid question. phase 2 is where the vpn negotiates the network. where are the phones deployed? is it possible the phones have identical subnets where they are physically located as is specified in the vpn policy?

just tossing out any ideas i can think of.

is your NSA running the latest firmware? how are the phones getting an IP address? maybe they are getting a duplicate of another device? do you have enough IP addresses allocated?

how do you have the sonicwall configured to allow the phones to connect? l2tp, etc.

Since the settings are the same as the 4 phones currently in service, I would say the settings should be correct.  The phones are deployed off site at employees' home offices.  Since all users are using their own routers, we have ensured that the gateway IP address is different than the one the phone would be connecting to once the tunnel has been established.  I will double check all settings, however.
Thanks

Well safarimicro, you are not alone. I own a company in southern CA with one corporate location and one remote location (my home 12 miles away). The remote site has had a long running successful use of an Avaya VOIP phone (4620SW and/or 4621 SW) for over five years with minimal problems using a little Sonicwall TZ 170 or 190 at my home remote site. This January we replaced our old Sonicwall "mother" router, a 2040, at the corporate site and installed a new SonicWall NSA 240. IMMEDIATELY UPON INSTALLING IT THE REMOTE VOIP PHONE STOPPED WORKING. Our off site IT team and I  as the company owner have spent countless hours on the phone with Avaya Level 3 tech support in Denver and with Sonicwalll to no avail. The other computers and printers at my home under the subnet all worked fine after the NSA 240, but not the phone. I have swapped out 3 Avaya 4620/4621s with no luck. We can easiliy ping (local IPs) the remote phone, router, and the Avaya contral unit and call server from anywhere---we clearly see the phone loading the Avaya bin files.......our IT guy did packet traces....the phone briefly worked once for 5 minutes when the firmware on the NSA 240 was downgraded, but we were not able to replicate this after upgrading and then downgrading the firmware again on the 240. We are running the phone system off a IP Office 403 control unit and we are running version 3.2 (69) version IP Office which is same as 5.2(69) version of Phone Manager.  Avaya tech support made me pay them $180 for 45 minutes of level 3 support and accomplished nothing. We are using a VPN connection. I will copy my IT guy on this now as well, but I would appreciate any info you might have on this.  THIS PROBLEM IS DRIVING US ALL INSANE. There is some incompatibility between the Voip phone and the NSA 240, but no one knows what it is. Apparently there is a difference between using the phone as the VPN client which my IT guy thinks is how you are doing it and us where we are establishing a vpn tunnel between the mother and the remote TZ170 router. And I realize you are using an Avaya 500 unit vs our 403, but this is clearly something that is related to the NSA 240. Please give me any thoughts on this. Thanks.

I'll keep you apprised, jconsidine.  Sonicwall is NO help whatever.  Three years ago, we were using a Cisco ASA5500, and using that with the IP phones is somewhere between a dismal failure, and a hit or miss proposition.  My going to the Sonicwall applicance was a white paper I read concerning the use of the hardware together, utilizing it the way you are attempting to: VPN with another Sonicwall, then using the IP phone.

We did have some adjustments to make in the NSA appliance before the IP phones did work, but, once that was done, we have had success with the 4 that are in use now...three in the Phoenix metro area, and one on the island of Kauai. I would be happy to share our Phone settings with you, if needed.
We have done nothing to the NSA240: no firmware upgrades either!  Don't like them, and avoid them unless there is a "fatal" reason why I should upgrade.  We use several types of Home/Office routers: Dlink DGL4100, DGL4300 for example, and mine has been in use over three different ISPs over the past three years: Cox, Pavlov Communications, and now, Oceanic-Time Warner.
We have found that, with the routers being used in home office settings, all that needs be done, is for the router to pass VPN...nothing more... I don't doubt that other makes/models would work as well.

I considered going your way: VPN, but costs for a TZ series router are prohibitive, plus, I am not impressed with Sonicwall's Tech Support, as I am not with Avaya's.
I couldn't be more pleased with my IP, operating in the middle of the pacific: calls to the continental east coast vary from high quality cell, to land line. Some latency, for sure, but not as much of a problem as you would think.  Our Avaya 500 is located in the Metro Phx area.

please see my first post immediately above this one. And that's not all. We previously used to be able to set up Avaya soft phone on laptops using a vpn tunnel either with a public IP on a laptop outside the network, or with a desktop at the remote site under the subnet described above with the vpm tunnel; well ever since the NSA 240 was installed none of the softphones work either..........any ideas...I will again point to the NSA 240..................the only thing that has changed in the mix. And I forgot to state above that all of the old settings on the Sonicwall 2040 were copied over exactly to the NSA 240..................but I think could we be missing some setting somewhere?? thanks.

sorry safari I didn't see your response above until now. Do you agree that there is some incompatiblity between the 240 and Avaya voip phones? We see all the bin files load on the phone and everything is pingable. But something is stopping it...I spoke to my IT guy a few minutes ago who has been working on this. He says that there is some avaya license you can buy to make the remote phone become the vpn client-- is that true? Isn't that what you are doing since you are not using a subnet router at your remote sites? Yes it's impressive the voice quality you can get; am familiar with Kauai since I own property there and the bandwidth is not good to that island in the first place. How could we speak or communicate by phone or email. I have a cell phone number that we use a spare for situations such as this..............let me know ............I would have our IT guy on who has done a lot of research on this in the past two months.......thanks. Jim

I just learned that we have some other resource, a network specialist who will look at our new hardware. Back in December we replaced four physical servers to virtual servers with two new Dell R710s with a SAN, and that also included new layer 3 switches---but it was a month later that we did the nsa 240 and the remote phone continued to work up to the exact minute that the 240 was turned on. Yes if you could just send us your settings that would be great. I am not used to using message boards.............anyway just thought I would add that. thanks.

Solved myself by troubleshooting