How to configure WAN GroupVPN for Avaya Phones

This article explains how to configure WAN Group VPN for use with Avaya IP Phones VPN.

On the SonicWall, configure WAN Group VPN and enable IKE Mode Configuration:

• To configure WAN Group VPN, please follow KB https://www.sonicwall.com/support/knowledge-base/?sol_id=170505850768290

• To enable IKE Mode Configuration, please follow KB: https://www.sonicwall.com/support/knowledge-base/?sol_id=170503815365224

TIP:  If you are on 6.5.4 firmware and above, please remember to enable the GroupVPN on the WAN interface under Manage | Network | Interfaces - edit the desired WAN Interface, under the Advanced Tab select

On the Avaya Phones set following:
 

VPN Config. | General

> VPN = Enabled

> VPN Vendor = Other

> Gateway Address = SonicWall Public IP (or FQDN if IP is dynamic)

> External phone IP = Blank / 0.0.0.0

> External router = Blank / 0.0.0.0

> External subnet mask = Blank / 0.0.0.0

> External DNS server = Blank / 0.0.0.0

> Encapsulation = 4500-4500

> Copy TOS = No

****click right arrow****

VPN Config. | Auth. Type

> Auth type = PSK with XAUTH 

TIP: If user authentication is disabled on the GroupVPN (not recommended), set this to "PSK"

****click right arrow****

VPN Config. | User Cred.

> VPN user type = Any

> VPN user = set the Username configured for VPN access for Avaya in SonicWall

> Password Type = Save in flash

> User Password = set the Password configured for the Avaya user in SonicWall 

****click right arrow****

VPN Config. | IKE PSK

> IKE ID (Group name) = GroupVPN (skip the "WAN" and space)

> Pre-Shared Key (PSK) = type in Preshared Key set on the SonicWall for Group VPN

****click right arrow****

VPN Config. | IKE PHASE 1

> IKE ID type = IPV4_ADDR (or "FQDN" if FQDN was used before - see Gateway address value under  VPN Config. | General)

> IKE Xchange mode = Aggressive

> IKE DH group =  2

> IKE Encryption Alg. = AES-256

> IKE Auth. Alg. = SHA1

> IKE Config. Mode = Enabled

****click right arrow****

VPN Config. | IKE PHASE 2

> IPSec PFS DH group = 2

TIP: If PFS is disabled on Group VPN set this to "None"

> IPSec Encryption Alg. = AES-256

> IPSec Auth. Alg. = SHA1

> Protected Network: 0.0.0.0/0

> IKE Over TCP: Never

NOTE: IKE phase 1 and 2 settings have to match settings made on GroupVPN

After completing the settings, test the connection. 

See also:

Understanding and Troubleshooting Common Log Errors Regarding VPN Policies and GVC - https://www.sonicwall.com/support/knowledge-base/?sol_id=170505246309804

1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case. 

2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.

If you do not have a mysonicwall.com account create one for free!