Description:

If an Alcatel OXO Connect (Premium) DeskPhone is operated at a remote location (e.g. in a branch or home office), it cannot connect directly to the Alcatel OXO Connect PBX.

Since the desk phones support VPN connections, it is possible to establish a VPN connection to the headquarters without the use of a VPN router at the branch office.

This article describes how to set up an IKEv2 VPN connection between an Alcatel DeskPhone and a LANCOM router.

How to connect an Alcatel OXO Connect PBX to a LANCOM VoIP router is described in this Knowledge Base article .

Important:
When using an IKEv2 connection, several desk phones at a branch office can connect to the head office via VPN because authentication is based on the LAN IP address of each individual desk phone.

However, this requires the desk phone to have a fixed IP address assigned to it. This can be done either by DHCP address reservation on the DHCP server at the branch office or by setting a fixed IP address on the desk phone itself. Refer to the manual if necessary.


Requirements:

  • LANCOM router with Voice Call Manager and VPN support at the headquarters:
    • LANCOM 883 VoIP
    • LANCOM 884 VoIP
    • LANCOM 178x (some models additionally require the All-IP option )
    • LANCOM 179x (some models additionally require the All-IP option )
    • LANCOM ISG 1000
    • LANCOM ISG 4000
  • LCOS as of version 9.24 ( download latest version )
  • LANtools as of version 9.24 ( download latest version )
  • One of the following Alcatel OXO Connect (Premium) DeskPhones:
    • 8008
    • 8008G
    • 8018
    • 8028
    • 8028s
    • 8038
    • 8058s
    • 8068
    • 8068s
    • 8078s
  • Existing network connection on the desk phone with a fixed IP address (either assigned using DHCP reservation or statically on the desk phone itself)


Scenario:

The general scenario is as follows:

  • The LANCOM router is located at the headquarters and the Alcatel OXO Connect PBX registers with the LANCOM router.
  • An Alcatel Premium DeskPhone (remote worker) at a branch office connects to the LANCOM router at the headquarters via VPN so that it can connect to the OXO Connect PBX.


Procedure:

1) Configuring the LANCOM router:

1.1) Open the configuration of the LANCOM router in LANconfig, switch to the menu VPN → General and activate the VPN feature by setting Virtual Private Network to Activated .

1.2) Switch to the menu VPN → IKEv2/IPSec → Authentication.

1.3) Create a new entry and adjust the following parameters:

  • Name: Enter a descriptive name.
  • Local authentication : Check that the value is set to PSK.
  • Local identifier type: From the drop-down menu, select Domain name (FQDN).
  • Local identity : Enter an identity for the headquarters.
  • Local password : Enter a password.
  • Remote authentication : Check that the value is set to PSK.
  • Remote identifier type: Select IPv4 address from the drop-down menu.
  • Remote identity : Enter the fixed IP address for the Premium DeskPhone (see requirements).
  • Remote password : Enter the same password as the Local password.

Important:
Do not delete or modify the existing entry named DEFAULT!

1.4) Go to the menu IPv4 addresses .

1.5) Create a new entry (if there is no dial-in address range) and adjust the following parameters:

  • Name: Enter a descriptive name.
  • First address : Enter the first IP addressfrom an address range that is different to the local network. This range of IPs will be available for IKEv2 VPN dial-in.
  • Last address : Enter that last IP addressfrom an address range that is different to the local network. This range of IPs will be available for IKEv2 VPN dial-in.
  • Primary DNS: Specify the primary DNS server.
  • Secondary DNS: Specify the secondary DNS server, if available.

Important:
The address range where the Alcatel DeskPhones dial-in must be in a different network to the local network.

1.6) Switch to the menu Connection list .

1.7) Create a new entry and adjust the following parameters:

  • Name of connection : Enter a descriptive name.
  • Authentication: From the drop-down menu, select the Authentication profile created in step 1.3.
  • Rule Creation : Select Manual from the drop-down menu.
  • IPv4 rules : Select the predefined VPN rule RAS-WITH-CONFIG-PAYLOAD from the dropdown menu.
  • IKE-CFG: Select Server from the drop-down menu so that the LANCOM router can assign an IP address from the local network at the headquarters to the Premium DeskPhone.
  • IPv4 address pool : From the drop-down menu, select the IPv4 address pool profile created in step 1.5.

Important:
Do not delete or modify the existing entry named DEFAULT!

1.8) This concludes the configuration of the router. Write the configuration back to the router.



2) Configuring the Alcatel DeskPhones:

2.1) Start the (Premium) DeskPhone and, during “Boot Phase 2”, press the buttons <*> + <#> to access the Main Menu.

2.2) In the Main Menu, select the menu item VPN.

2.3) Switch to the menu VPN Config .

2.4) The first time you enter the menu VPN Config you have to set a PIN code . This has to be entered each time this menu is accessed.

2.5) Adjust the following parameters, confirm the adjustments by clicking the green checkmark and quit the menu by clicking on the Back button:

  • Enable VPN: Activate VPN by ticking the box.
  • VPN Server: Enter the public IP address or the DynDNS name of the LANCOM router at the headquarters.
  • VPN PSK: Enter the Preshared key set in step 1.7.
  • IKE version : Select IKEv2.

2.6) Switch to the menu VPN Tftp .

2.7) Adjust the following parameters, confirm the adjustments by clicking the green checkmark and quit the menu by clicking on the Back button:

  • Set a checkmark next to Use TFTP servers .
  • Tftp 1: Enter the IP address of the Alcatel OXO Connect at the headquarters.

2.8) Click the red arrow to quit the Main Menu. The desk phone then restarts and establishes the VPN connection.