IPSec is and always has been a messy combination of too many options and too many implementations. No surprise I suppose that they expect “all in” with Avaya platforms as the only supported. So far I’ve had no luck, I even hacked racoon to simply accept the offending proposal attribute…get’s past that phase but doesn’t seem to be handling the NAT-T payloads in the next step…but I could easily be missing something. Shame really I was hoping I could support these phones on an open platform.. But even the Avaya VPN Windows client sends the 32767 attribute and on top of that sends DH 8 which I believe is some Elliptical curve stuff which racoon developers have stated they will not implement as there are patentable elements in those areas.

Cheers

Hi Colin,

I know the UNIStim VPN Client (UVC) worked fine between an 1120E and an Avaya VPN 1700 Router.

You’re suggesting that Avaya intentionally made it incompatible with third-party VPN routers? I don’t know if that’s the case or if there was some underlying technical issue. I don’t ever believe reading that the UVC was intended to be used with anything other than an Avaya VPN router so I’m not sure it was even in the “not supported” realm.

Thanks for the comment!

Does anyone know what IKE Proposals the 1140e sends at phase 1?

Chris.

Hi Novice,

I’m not so sure I would agree with your assumption that IPSec is IPsec. I’ve had years of pure fun (being cynical) building branch VPN tunnels across different platforms using Cisco, Nortel, CheckPoint, Juniper, Linux, etc.

It’s possible that it might work but someone needs to test it out and see if actually works.

Thanks for the comment!

khalil abua asal:

hi all: i’m intending to establish a VPN connection between Nortel 1140E phone behind a an ADSL SOHO router and a Cisco ASA 5510 appliance, but the connection doesn’t come up, i configured the PSK user id and password, the XAUTH user ID and passowrd on the phone but with no use, the error that keeps showing up on cisco ASA is: unknown tunnel-group id. can any one confirm to me if the cpn client on the Nortel 1140E phone is compatible with Cisco ASA appliances or not???Regards

Has anyone tried and got this working with Cisco ASA, I cant image Avaya would of made a custom IPSec client and not just natively create an IPSec client that is universal. I mean IPSec is IPSec

Regards

Hi Jephph,

Thanks for sharing that information… when I have the opportunity I hope to test the 1120e UVC wtih the Nortel VPN Router 1700 running V07_05.350.

Thanks again!

Hi Steve,

I haven’t personally tried it but I’ve learned over the years that just because something isn’t supported doesn’t necessarily mean it won’t work. With that said if you did get it to work you might have to weigh the risk of going into a production environment with an unsupported configuration.

I have two 1700s and one 1740 all running 7.x software. I could probably test it out for you if you are really curious… or it might become immediately clear that it won’t work without some feature in 8.x software.

Cheers!

Hi Gord,

It would have been nice for Nortel to have left that decision up to the user/customer. I wonder how difficult MAC security would be to implement on the PC port?

In any event I can understand the desire to keep voice and data traffic separate and as you commented a lot of organizations already have remote access solutions in place.

Thanks for the comment!