Avaya 5610 to Astaro IPSec configuration

  • Article ID: 116188
  • Updated: 24 May 2012

The following configuration has been confirmed to work on the 5610 models, other models have not been tested/confirmed to work.

VPN Remote Phone Configuration

VPN Profile Generic with PSK
Server: Astaro’s Public IP
PSK: the password you want to use for the tunnel
VPN Start Mode Boot
Password Type N/A
Encapsulation 4500 – 4500
Syslog Server (blank)

IKE Parameters

  • IKE ID Type: FQDN
  • Diffie-Hellman Group: 2
  • Encryption Alg 3DES
  • Authentication Alg SHA1
  • IKE Xchange Mode Identity protect
  • IKE Config Mode: Disable
  • XAUHT Enable
  • Cert Expiry Check Disable
  • Cert DN Check Disable
IPSEC Parameters
  • Encryption Alg 3DES
  • Authentication Alg SHA1
  • Diffie-Hellman Group: 2
Protected Nets
  • Virtual IP: Internal IPs of the phones (it needs to match the subnet of the VPN pool on the Astaro)
  • Remote Net #1 The internal subnet of the Astaro Copy TOS Yes
  • File Srvr: (blank)
  • Connectivity Check: Always
  • QTest Disabled 

On the Astaro

  1. Under Remote Access | IPSec
    Create a New IPSec remote Access rule:
    • Interface: Select the interface the users are connecting from
    • Local Networks: The network the server they need to connect to is located
    • Policy: You will need to create a policy on the Astaro that matches the settings above
    • Authentication Type: Preshared Key
    • Set the Preshared Key
    • Leave Enable XAUTH unchecked
    • Click on Save 
  2. Under Network Security | Packet Filter
    Create a new Packet filter rule:
    • Source: Internal address(es) of the Phones
    • Service: Any
    • Destination: Any
    • Action: Allow
    • Save Rule and click on Enable

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent