Home Page Articles User Guides News Letter  



Author Topic: Using Mitel IP Phone over VPN  (Read 9570 times)

Offline Jamba

  • New Member
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Using Mitel IP Phone over VPN
« on: November 14, 2010, 08:05:25 AM »
Trying to configure IP Phone to connect to our 3300

Our setup is as follows: (High level overview)

China Office - subnet 192.168.150.1 - 192.168.150.254 netmask 255.255.255.0 gateway 192.168.43.254

x1 Mitel 5212 IP Phone with external power supply (no POE on switch) assigned a static ip of 192.168.150.247

x1 Switch ( type and configuration unknown at this stage) all host on the subnet connect to switch.

x1 1010 Nortel VPN Router used in hardware VPN configuration

x1 Modem

IP Phone/Hosts ---> Switch ---> VPN 1010 ---> Modem ---> The cloud (Telstra  Managed WAN) ---> 1100 Firewall/Router (Brisbane)

Brisbane Office -  IP Address range = 192.168.40.1 192.168.43.254 Subnet Mask 255.255.252.0 Gateway/Firewall/Router 192.168.43.254
                        Mitel 3300 Controller 192.168.44.2

The 1010 in China is configured as the initiator connecting in through the 1100 VPN Firewall Router (branch office configuration) and onto
the local network. There is a number of  POE HP Procurve switches configured with VLAN for the VOIP Network. The plan is to connect the phone over the VPN onto the local network and be able to access the 3300 controller and allow us to dial any extension in the Brisbane office from the IP Phone in China. The phone has been configured in OPS Manager (extension, MAC Address etc). When the phone is connected in the China office the phone hangs at the boot procedure "Using option 128+

I am unable to ping the 3300 from a PC on the China subnet but can ping the 3300 on the local network however have noticed that when I trace the route it uses the 1100's secondary ip address to reach the controller while passing through one of the HP Procurve switches. I am also unable to ping the Firewall/Gateway from the China subnet but can ping any other host on the local network. We also have another 1010 VPN Router(on the local network) that we use for our software VPN connection which I can ping from the China network and bring up the web interface using the management ip address. I can also ping the IP phone from the local network(outgoing).

The 1100 router does have a static route configured to allow access to the phone network 192.168.44.0

Does anyone have any suggestions why I am unable to ping the 1100 firewall/router/gateway(192.168.43.254) and 3300 controller(192.168.44.2) from the China network but can ping any other host(192.168.43.28) on the local network?

Anyone tried to setup an IP Phone in a similar situation? any problems encountered? is this possible? I understand that the QoS will be poor.

Would the switch in the China office require any special configuration?

I have spoken to Mitel support who did infact assign the static ip address to the phone. At this stage they say they are unable to help and that this is a routing issue.

Thanks in advance


Offline ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5297
  • Country: us
  • Karma: +453/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #1 on: November 15, 2010, 11:02:15 AM »
My guess would be as follows:
  (1) I'm not surprised that you can't ping a firewall.   In my experience, that is usually turned off.

(2) I suspect that you have a problem with your routing at Brisbane.
192.168.44.0 is not in the same subnet at 192.168.43.0 when using a 255.255.252 subnet mask so you have to have a router between them.
So check your firewall routes.

But like I said, this is just my guesses.

Also,
It may simplify things (Once you can ping from China to the 3300) to put your phone in Teleworker mode.   Do this by booting the phone while holding the 7 key and putting in the IP address of the 3300.   That way you don't have to worry about DHCP options and it should activate some jitter buffering.

Ralph
www.university-music-on-hold.com

Offline Jamba

  • New Member
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #2 on: November 16, 2010, 06:15:07 AM »
Thanks for the response Ralph.

The subnet mask of 255.255.252.0 for subnet 192.168.43.0 is still confusing. Maybe not the correct forum however maybe someone can explain this. I can ping the firewall and controller from other states ie Victoria, New South Wales who are using a 255.255.255.0 netmask. In my original post I said the default gateway in China was 192.168.43.254 which is incorrect, it is 192.168.150.250 (the 1010) not that that should make any difference I dont think (if so please advise).

I will check the firewall routes.

The phone was assigned a static ip address by a Mitel Engineer so we would not have to worry about DHCP. I will try putting the phone
in teleworker mode as you have suggested. Is this something that can be done with any Mitel phone?

Thanks again.

Offline v2win

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 599
  • Country: us
  • Karma: +9/-0
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #3 on: November 16, 2010, 01:35:31 PM »
Is the gateway on the 3300 correct?

Can you ping the 3300 gateway from China?

Offline Jamba

  • New Member
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #4 on: November 17, 2010, 08:45:34 PM »
I am unable to ping the gateway on the 3300.
Phone network 192.168.44.0 - 192.168.44.254

Host Name:       
System IP Address:    192.168.44.2   
Subnet Mask:    255.255.255.0   
Gateway IP Address:    192.168.44.254   
Layer 2 (L2) Switch IP Address:    192.168.44.1   
E2T Card IP Address:    192.168.44.18 / 255.255.255.0   
 
802.1Q Setting (for QoS go to LAN Policy form)
  Voice VLAN ID [1-4094]:    1



We have a branch office connection (responder) for China setup on the 1100 with
access to the local network ip 192.168.40.0 mask 255.255.252.0. Maybe if I change
the netmask to 255.255.248.0 this will allow access to the 192.168.44.0 network.

Another option maybe to setup a branch office connection (initiator) on the China side pointing
to remote network 192.168.11.29 which is a secondary ip address on the 1100. When I tracert
on the secondary ip address it takes me to the 3300 contoller 192.168.44.2 through an HP switch.

Offline v2win

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 599
  • Country: us
  • Karma: +9/-0
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #5 on: November 19, 2010, 09:22:09 AM »
One thin I see is in your China office is the gateway is not in the same subnet as the devices

China Office - subnet 192.168.150.1 - 192.168.150.254 netmask 255.255.255.0 gateway 192.168.43.254

Offline hsearson

  • Jr. Member
  • **
  • Posts: 78
  • Karma: +0/-0
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #6 on: November 19, 2010, 01:31:39 PM »
Can't you just statically assign only the ICP/TFTP address in the phone?  It'll pick up a local DHCP and then it'll automatically reach for the ICP programmed.  If you can ping the ICP from China then it should work over vpn.  That is if certain services are allowed on your data network.  Had a customer who had all VOIP traffic blocked on their data network, couldn't use Teleworker at any of their locations.

Offline ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5297
  • Country: us
  • Karma: +453/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #7 on: November 20, 2010, 03:33:02 PM »
Can't you just statically assign only the ICP/TFTP address in the phone?  It'll pick up a local DHCP and then it'll automatically reach for the ICP programmed

That's why I usually suggest putting the phone in teleworker mode.  It's just a fast way of doing the same thing.

Ralph

Offline Jamba

  • New Member
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Using Mitel IP Phone over VPN
« Reply #8 on: November 24, 2010, 12:02:56 AM »
Thanks for the feedback:

In response to v2win - apologies I listed the wrong default gateway it should read 192.168.150.250 (Nortel 1010)

Ralph/hsearson - I cannot ping the controller from any host on the 192.168.150.0 network which suggest that this is
not only a problem for the phone. The strange thing is I can ping anything on the 192.168.40.0 - 192.168.43.255
(apart from firewall 192.168.43.254) from  host (192.168.150.26). This suggest the VPN is good (which has already beeen verified)
and I can connect to the local network. Something is just stopping me from reaching the .44 network even though Im connecting
to the local network over VPN. The local nework can reach the .44 network which suggests there is a static route configured. As Ralph
previously suggested on the netmask of 255.255.252.0 I will never reach the .44 network.




 

Sitemap 1 2 3 4 5 6 7 8 9