Comments on: Nortel Business Secure Router 222 https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/ technology, networking, virtualization and IP telephony Fri, 05 Jul 2013 12:18:30 +0000 hourly 1 https://wordpress.org/?v=6.6.2 By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-17603 Fri, 05 Jul 2013 12:18:30 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-17603 In reply to Stephanie.

Hi Stephanie,

I was never a fan of the BSR222 and have since abandoned it for the Juniper SRX Branch series where I have about 25 remote contact center agents working very reliably every day. If you are reporting that this happens to all your users I would probably start with the bandwidth at your main office. What are you terminating the tunnels on in the main office? I would look at that side of the equation. In general if the users have 10Mbps/2Mbps (down/up) then you should be go so long as they are not connected via wireless and don’t have too many kids at home sucking away the bandwidth.

What type of ICMP ping times do you get when pinging the Nortel i2004 from the main office? You should be getting around 20-40ms for a reliable call with good quality.

Good Luck!

]]>
By: Stephanie https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-17583 Tue, 02 Jul 2013 18:50:53 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-17583 I know your post is old, but we have several remote users who are work from home and use a high speed internet access (some Comcast, some Verizon FIOS, etc). They are all complaining that after about 2 seconds, the person they called can’t him them. The customer complains that the sound is garbled or it sounds like they are under water. After a few seconds, sometimes it returns to normal, but then repeats. Other times, they have to disconnect the phone and call back but it happens again. They are using a BSR222 and Nortel IP Phone 2004. We’ve tried reconfiguring another BSR222 for them and replacing their IP phone, but nothing has helped. Is it their ISP? A configuration issue with the tunnels, the BSR222 or the phone??? Any ideas or troubleshooting tactics we can use would be appreciated.

]]>
By: Alrick Elliott https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-8575 Thu, 06 Dec 2012 19:54:58 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-8575 Michael,
Is the BSR222 capable of port forwarding and if so how is that setup? I’ve looked at the firewall and added the port, rule and protocol – no desired progress. Done the same under SUA/NAT and still getting nowhere really fast. I turned off the firewall, momentarily, with very little forward progress.

My aim is to get this BSR222 to allow a biometric clock traffic to pass through a specific port.

I called Avaya/Nortel desk help for assistance and nothing as yet.

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-4720 Fri, 26 Aug 2011 13:52:50 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-4720 In reply to Carlos.

Hi Carlos,

If you replace the IP phone with your laptop or PC (don’t forget to change the IP address if you are using static IP addressing) can you ping main office CS1000?

I would start with that testing first.. make sure you have connectivity first, then worry about the IP telephony component.

Good Luck!

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-4719 Fri, 26 Aug 2011 13:47:49 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-4719 In reply to Mike Lowman.

Hi Mike,

It’s possible to manage the BSR222 from the public interface if it’s been configured to allow that functionality ahead of time. You have two options available if you want to remotely connect an IP deskphone to your BCM50, 1) you can purchase the 1100 series IP phone along with a license for the built-in VPN client (requires a Nortel VPN router on the main office side) or 2) you can use equipment to create a branch to branch VPN tunnel such as what you are doing with the BSR222. You can use a dynamic IP address on the branch office site (this is called an Aggressive Mode tunnel) but the main office side needs a static IP address.

Good Luck!

]]>
By: Carlos https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-4691 Fri, 19 Aug 2011 20:53:01 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-4691 Dear Richard,
I have a home-office set up with my own 2WIRE ADSL gateway (supplied by Bell Canada, my ISP); a Nortel BSR222 router and a Nortel IP phone.
Up until 4 weeks ago, everything was working fine. I disconnected the BSR222 and the IP phone because I had to go to work from Head-Office. When I came back and reconnected the system, the IP Phone displys the message “Server Unreachable”. I can see that the 2WIRE gateway is assigning an IP address to the BSR222, but the latter doesn’t seem to acess the phone server in Head-Office.
We tried the same system (BSR222 and IP phone) at 2 other locations, who have Rogers cable as their ISP, and it works perfectly.
My home PCs and personal wireless devices have had access to the Internet all along and were never affected.
When I call Bell Canada Tech Support, they don’t see any problems with the 2WIRE gateway, and can’t resolve the conflict with the BSR222 (or the IP Phone). Consequently, they suggested that I contact 2WIRE, the OEM of the gateway.
2WIRE says that I should contact Nortel to find out what Ports I should open in the 2WIRE gateway (Port Forwarding) for the BSR222 to work its way to the Internet, but I’m hesitant to open ports that were not required before.
Please advise if you have seen a case like this before, and could suggest a solution. Let me know if you have any questions that might help you in finding a solution… before I ditch Bell Canada and switch to Rogers Communications or ACANAC…
Sincerely,
Carlos

]]>
By: Mike Lowman https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-4690 Fri, 19 Aug 2011 18:07:55 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-4690 I run all technology for a small company. We currently have a BCM50 and two remote sites on BSR222s. We have not had any problems with them. I am moving to Thailand and want to know if I should/could install a BSR222 in my home instead of running the Softphone. I would prefer to have a phone on my desk. My question is, can I have someone configure the BSR222 remotely. We have used Verizon to set up everything and haven’t had to call them about any problems (for two years). Am I crazy to want the BSR222 for one remote phone line? I would also love to have the VPN capabilities. One last question… I read in the Avaya docs that I could have a BSR installed with dynamic ip address, but I thought you had to have a static IP. Do you have to have a static IP?

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-3616 Sun, 06 Feb 2011 16:37:48 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-3616 In reply to philipvl.

Hi Philip,

The BSR252 has a built-in ADSL2+ interface for connecting to DSL networks. I would suggest you refer to the documentation. I haven’t personally touched these devices in years now but they were pretty straight forward with an easy to understand web GUI. I’m not sure which VPN client software they might use for end-users.

Good Luck!

]]>
By: philipvl https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-3570 Tue, 01 Feb 2011 09:19:57 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-3570 Hey Richard

I need to configure client dialup VPN connection on 3x BSR252, can you please give me some information how to configure? Which vpn client do i need for windows Vista?
I have some experience with Fortigate, i did the same steps but it doesn’t work.

Thnx in advanced for a quick answer.

Philip

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-1754 Tue, 16 Feb 2010 00:25:00 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-1754 In reply to Richard.

Hi Richard,

I believe you can run 5 tunnels on the BSR222, you can probably look it up in the manuals on Nortel’s website if you want to be sure.

You mention the word “broadcast”, is it really a broadcast packet? You should be able to utilize NTP via Unicast packets without any issue. I maintain 2 centralized NTP servers for my entire organization (32,000+ ports). The devices that are at the branch office sync their time over the VPN/IPSec tunnel to the centralized NTP servers. It works great and keys the time sync’d across every system (Windows, MacOS, Linux, etc).

I will warn you that I’ve seen very odd behavior from BES50 switches. We purchased 2 of them for testing and decided against purchasing them because we had all sorts of interoperability issues with different devices. Even though you mention you’re physically connected to the BSR222 you could try removing the BES50 and see if that resolves your problem. The LAN ports of the BSR222 should act just like a switch, although you may want to disable IGMP since I believe it’s enabled by default.

Good Luck!

]]>
By: Richard https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-1751 Mon, 15 Feb 2010 17:12:08 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-1751 I am the IT manager premiumcolor group

we have two offices.
HQ has BES50 with digital phones and a bsr222 to tunnel over to the branch.

the branch has pcs sharing the liones with the voip phones using 1 bsr 222 and 2 poe nortel switches.

VZ implmented the system, dealing with them was a nightmare, and they had no 911 solution for this setup, enter Mark Flecther whom assisted us to force VZ and NT engineers to create the solution which is now implemented.

questions:
how many vpn connections at once can the 222 accomadate? and two, I have a time clock program that broadcasts to update the server, but the braodcast does not seem to allow for the the server to reply back to the client properly through the 222’s even though I have attached both machines directly to the 222’s, what could be the issue here?

]]>
By: Sean https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-1646 Wed, 13 Jan 2010 10:14:40 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-1646 Michael – I called Nortel support who could not tell me the default username and password for this box. I really need to buy you a beer sometime buddy!

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-1633 Sun, 10 Jan 2010 04:32:32 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-1633 In reply to Jamal.

Hi Jamal,

The default username and password are included in the post above.

Good Luck!

]]>
By: Jamal https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-1632 Sun, 10 Jan 2010 04:25:51 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-1632 I have a BSR 252 business secure router with me..

i want to configure it please help me

i don’t know what is the default username and password

Jamal
dubai

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-816 Thu, 23 Apr 2009 23:22:34 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-816 In reply to Janine.

Hi Janie,

You should leave the firewall enabled (it’s enabled by default). The firewall really only comes into play when public Internet devices try to access your BSR222. It shouldn’t have any affect on tunnel traffic in it’s out-of-the-box state. I would advise you to change the password at a minimum, it’s best practice. Just remember to document the username and passwords that you’ve configured the moment you change them. If I had a 1$ for everytime someone changed a password only to forget the password they used the following day. Assuming that your Branch Office Tunnels (BOTs) and setup properly along with the necessary IP routing you should be able to ping. You don’t have the Windows XP/Vista firewall enabled do you?

Good Luck!

]]>
By: Janine https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-807 Tue, 21 Apr 2009 19:02:56 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-807 I have a couple of questions:

1. Should I enable the firewall for the BSR222 at my remote sites?
2. Should I change the username and passwords that the installer kept (very similar to those listed above)
3. Why can’t I get ping returns from one of my remote sites (but I can ping the BSR222s at all sites)

Thanks,

Janine

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-683 Mon, 16 Mar 2009 20:27:57 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-683 Hi Alia,

The problem is that the Nortel i2004 will always say “Starting DHCP…” never giving you a real understanding of the problem.

Have you configured the phone for partial DHCP?
Have you configured the S1 values?

I’m going to assume that you have the phone configured for Full DHCP, in which case the phone will sit waiting (displaying “Starting DHCP…”) until it receives the all the proper DHCP options even if it has received a DHCP address.

Cheers!

]]>
By: Alia https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-682 Mon, 16 Mar 2009 18:16:13 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-682 Hello,

I tried to connect i2004 phone with BSR 222 but the problem is that the phone i2004 can’t take any ip I don’t why although I connect BSR 222 whit laptop and it works..

]]>
By: Michael McNamara https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-334 Thu, 23 Oct 2008 23:22:05 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-334 Hi Leandro,

What problems are you having connecting to the two? The biggest problem I’ve had with the Nortel VPN Router 221 and the Nortel Business Secure Router 222 is the lack of IKE keepalives. On occasion one side of the tunnel will go down but the other side will remain active. I never have had a problem using the “fully featured” Nortel VPN Router 17000, 1100, 1050 or 1010 since they all run the same software and support IKE keepalives. The “Control Ping” feature of the 221/222 generally keeps the tunnel stable by sending traffic across of it. I’ve had to use the “Control Ping” feature even when I set both sides for “Nailed Up”. I can post some screen shots if you’re completely lost. Let me know.

Thanks for the comment!

]]>
By: Leandro https://blog.michaelfmcnamara.com/2008/06/nortel-business-secure-router-222/comment-page-1/#comment-319 Wed, 22 Oct 2008 21:18:31 +0000 http://maddog.mlhs.org/blog/2008/06/nortel-business-secure-router-222/#comment-319 Hello,
I’m glad to read that you had no problems connecting a BSR 222 to a VPN Router 1700…

I’m trying to establish a branch office tunnel between a BSR 222 and a VPN Router 1010 and wonder if you have documentation that you used on the 1700 that could assist me with this issue.

Thanks so much.
-Leandro

]]>