4 Replies Latest reply on Oct 6, 2014 1:24 PM by david

    Connect Remote  Phones Via IPSEC Tunnels to TA904E

    peterk New Member

      Is it possible to register a remote IP phones via an IPSEC tunnel to SIP voice users defined on an TA904 2ndgen using AOS 11.2?

       

      There is a document referencing Netvanta 7100 remote phone setup but it references AOS 15 - the support matrix seems to indicate that 'remote phone setup' is available on the TA900 platform as of AOS 10.

       

      I have an IPSEC tunnel set up the the TA904e from a VPN router and two VVX300 phones registered. I can place outgoing calls to the PSTN via SIP, but am running into intermittent SIP 480 temporarily unavailable messages when placing calls between the phones. Before investing further time in this approach, I wanted to double-check on the level of support on the TA904 platform.

       

      Many thanks in advance.

       

      All the best

      Peter

        • Re: Connect Remote  Phones Via IPSEC Tunnels to TA904E
          jwable Frequent Visitor


          Peterk,

              I would guess your issue is related to UDP timeouts on the remote side firewalls or your VPN connection.  I have found with most firewalls that have SIP ALG disable it because it almost never works correctly.  There are also some work around options that allow you to reconfigure the timeout intervals on the SIP side by using HMR rule sets that tell the phones to check in more often to keep their registrations from timing out but most of the time it's easier to increase the timing on the firewall then configuring the extra HMR Rules to change the SIP Header so I would start there. Here's a link to the article about HMR Rules to change timeouts: https://supportforums.adtran.com/docs/DOC-5027 Version 10 and 11 of the Adtran firmware is newer then versions 15 Plus they changed the numbering scheme a couple of years ago.  Command structure should be the same as long as you running 10.3 (HMR was first released on this version) or higher, always recommend current extended maintenance release however which is currently 10.9.4.  Also all of this said last I heard Adtran does not officially support the use of Sip Phones of a TA 900 as the TA 900 is officially a trunk gateway for converting TDM to SIP or vice versa.  SIP to SIP options are available with the 908E SBC edition since it allows for ip rtp media anchoring where the none SBC versions do not.

           

          John Wable

            • Re: Connect Remote  Phones Via IPSEC Tunnels to TA904E
              peterk New Member

              Thanks John for the response. For the customer application we were able to make this work with the existing Adtran 904 at the customer site as follows:

              • 'Remote' SIP phone registers to the Adtran 904 via an IPSEC tunnel connected between the Adtran and VPN router. the SIP phone is behind the VPN router.
              • Calls to-from the PSTN via a SIP trunk can be placed.
              • Calls between the 'remote' SIP phone and legacy PBX connected via T1 facility to the Adtran can be placed

               

              The customer is not ready to replace the legacy PBX, but wants to add incremental growth using IP phones - hence reason for this configuration.

               

              In preparation for this deployment, I tested using an IP PBX (my T1-based PBX was out on loan) and had difficulties with establishing bearer path between the 'remote' SIP phone and SIP phones behind the IP PBX. I tried creating 'candle on a stick' configuration with sub-interfaces/VLANs, with each sub-interface configured as a primary media-gateway. I could only get this to partially work - so we did final testing onsite at the customer premise during a maintenance window.

               

              Be glad to share configuration files for working customer system and lab system using 'candle on a stick' approach if there is interest.

               

              Thanks again.

               

              All the best

              Peter

            • Re: Connect Remote  Phones Via IPSEC Tunnels to TA904E
              david Employee

              Peter,

               

              Thanks for posting.  The supported remote phone application for the TA900 series is very specific.  It was designed to allow for remote phones behind a router doing NAT that was not "SIP aware" to connect back through the TA900 to a SIP PBX.  This application, which is defined in the following document, is not compatible with locally terminated VPN tunnels on the TA900 series.

               

              Remote Phone Configuration for AOS SIP Gateway

               

              Feel free to respond on this post if you have any further questions.  However, you may want to contact ADTRAN and ask for Pre-Sales Support by calling 888-423-8726 to discuss alternative solutions or products to fit your application.

               

              Thanks!

              David

              • Re: Connect Remote  Phones Via IPSEC Tunnels to TA904E
                david Employee

                Peter,

                 

                I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. 

                 

                Thanks,

                David