Solved

Avaya 5610SW IP Phones and Sonicwall NSA240

Posted on 2011-03-17
10
2,432 Views
Last Modified: 2012-05-11
Greetings:
I now have four Avaya 5610SW IP phones up and running through a Sonicwall NSA240, into our AVAYA IP 500 Control Unit/IP Office Manager V7.  Got two more 5610SW, and had them prepped, with the same settings as the other phones.  When sent off to the customer home offices, they both return the same error message:

IKE Phase 2 no response
3997700:18 Module Notify:305
397700:0 Module: IKMPD:353
IKECFG:1184

I've checked the Sonicwall appliance log, and nothing stands out...what should I be looking for? There are 6 total licenses on the Avaya side , using only 4 currently.
Any suggestions/assistance would be appreciated.
0
Comment
Question by:safarimicro
  • 4
  • 4
  • 2
10 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 35159924
what are you using on the phones to establish the vpn? are you sure the settings are correct...i know, stupid question. phase 2 is where the vpn negotiates the network. where are the phones deployed? is it possible the phones have identical subnets where they are physically located as is specified in the vpn policy?

just tossing out any ideas i can think of.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35159938
is your NSA running the latest firmware? how are the phones getting an IP address? maybe they are getting a duplicate of another device? do you have enough IP addresses allocated?

how do you have the sonicwall configured to allow the phones to connect? l2tp, etc.
0
 

Author Comment

by:safarimicro
ID: 35159965
Since the settings are the same as the 4 phones currently in service, I would say the settings should be correct.  The phones are deployed off site at employees' home offices.  Since all users are using their own routers, we have ensured that the gateway IP address is different than the one the phone would be connecting to once the tunnel has been established.  I will double check all settings, however.
Thanks
0
 

Expert Comment

by:jconsidine
ID: 35185281
Well safarimicro, you are not alone. I own a company in southern CA with one corporate location and one remote location (my home 12 miles away). The remote site has had a long running successful use of an Avaya VOIP phone (4620SW and/or 4621 SW) for over five years with minimal problems using a little Sonicwall TZ 170 or 190 at my home remote site. This January we replaced our old Sonicwall "mother" router, a 2040, at the corporate site and installed a new SonicWall NSA 240. IMMEDIATELY UPON INSTALLING IT THE REMOTE VOIP PHONE STOPPED WORKING. Our off site IT team and I  as the company owner have spent countless hours on the phone with Avaya Level 3 tech support in Denver and with Sonicwalll to no avail. The other computers and printers at my home under the subnet all worked fine after the NSA 240, but not the phone. I have swapped out 3 Avaya 4620/4621s with no luck. We can easiliy ping (local IPs) the remote phone, router, and the Avaya contral unit and call server from anywhere---we clearly see the phone loading the Avaya bin files.......our IT guy did packet traces....the phone briefly worked once for 5 minutes when the firmware on the NSA 240 was downgraded, but we were not able to replicate this after upgrading and then downgrading the firmware again on the 240. We are running the phone system off a IP Office 403 control unit and we are running version 3.2 (69) version IP Office which is same as 5.2(69) version of Phone Manager.  Avaya tech support made me pay them $180 for 45 minutes of level 3 support and accomplished nothing. We are using a VPN connection. I will copy my IT guy on this now as well, but I would appreciate any info you might have on this.  THIS PROBLEM IS DRIVING US ALL INSANE. There is some incompatibility between the Voip phone and the NSA 240, but no one knows what it is. Apparently there is a difference between using the phone as the VPN client which my IT guy thinks is how you are doing it and us where we are establishing a vpn tunnel between the mother and the remote TZ170 router. And I realize you are using an Avaya 500 unit vs our 403, but this is clearly something that is related to the NSA 240. Please give me any thoughts on this. Thanks.
0
 

Author Comment

by:safarimicro
ID: 35185410
I'll keep you apprised, jconsidine.  Sonicwall is NO help whatever.  Three years ago, we were using a Cisco ASA5500, and using that with the IP phones is somewhere between a dismal failure, and a hit or miss proposition.  My going to the Sonicwall applicance was a white paper I read concerning the use of the hardware together, utilizing it the way you are attempting to: VPN with another Sonicwall, then using the IP phone.

We did have some adjustments to make in the NSA appliance before the IP phones did work, but, once that was done, we have had success with the 4 that are in use now...three in the Phoenix metro area, and one on the island of Kauai. I would be happy to share our Phone settings with you, if needed.
We have done nothing to the NSA240: no firmware upgrades either!  Don't like them, and avoid them unless there is a "fatal" reason why I should upgrade.  We use several types of Home/Office routers: Dlink DGL4100, DGL4300 for example, and mine has been in use over three different ISPs over the past three years: Cox, Pavlov Communications, and now, Oceanic-Time Warner.
We have found that, with the routers being used in home office settings, all that needs be done, is for the router to pass VPN...nothing more... I don't doubt that other makes/models would work as well.

I considered going your way: VPN, but costs for a TZ series router are prohibitive, plus, I am not impressed with Sonicwall's Tech Support, as I am not with Avaya's.
I couldn't be more pleased with my IP, operating in the middle of the pacific: calls to the continental east coast vary from high quality cell, to land line. Some latency, for sure, but not as much of a problem as you would think.  Our Avaya 500 is located in the Metro Phx area.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Expert Comment

by:jconsidine
ID: 35185531
please see my first post immediately above this one. And that's not all. We previously used to be able to set up Avaya soft phone on laptops using a vpn tunnel either with a public IP on a laptop outside the network, or with a desktop at the remote site under the subnet described above with the vpm tunnel; well ever since the NSA 240 was installed none of the softphones work either..........any ideas...I will again point to the NSA 240..................the only thing that has changed in the mix. And I forgot to state above that all of the old settings on the Sonicwall 2040 were copied over exactly to the NSA 240..................but I think could we be missing some setting somewhere?? thanks.
0
 

Expert Comment

by:jconsidine
ID: 35185569
sorry safari I didn't see your response above until now. Do you agree that there is some incompatiblity between the 240 and Avaya voip phones? We see all the bin files load on the phone and everything is pingable. But something is stopping it...I spoke to my IT guy a few minutes ago who has been working on this. He says that there is some avaya license you can buy to make the remote phone become the vpn client-- is that true? Isn't that what you are doing since you are not using a subnet router at your remote sites? Yes it's impressive the voice quality you can get; am familiar with Kauai since I own property there and the bandwidth is not good to that island in the first place. How could we speak or communicate by phone or email. I have a cell phone number that we use a spare for situations such as this..............let me know ............I would have our IT guy on who has done a lot of research on this in the past two months.......thanks. Jim
0
 

Expert Comment

by:jconsidine
ID: 35185659
I just learned that we have some other resource, a network specialist who will look at our new hardware. Back in December we replaced four physical servers to virtual servers with two new Dell R710s with a SAN, and that also included new layer 3 switches---but it was a month later that we did the nsa 240 and the remote phone continued to work up to the exact minute that the 240 was turned on. Yes if you could just send us your settings that would be great. I am not used to using message boards.............anyway just thought I would add that. thanks.
0
 

Accepted Solution

by:
safarimicro earned 0 total points
ID: 35185863
Found the solution:
The "protected Nets" setting on all the current phones are set to 0.0.0.0/0.  We gave the new phones the setting: 192.xxx.x.0/24, and both phones came up.  Apparently, the NSA240 went as far as it could go with assigning virtual IP addresses, and it needed a range to use for added IP phones...anyhow, problem solved.
Jconsidine: email at tony[at]safarimicrodotcom.

0
 

Author Closing Comment

by:safarimicro
ID: 35221350
Solved myself by troubleshooting
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now