Description:

If an Alcatel OXO Connect (Premium) DeskPhone is operated at a remote location (e.g. in a branch or home office), it cannot connect directly to the Alcatel OXO Connect PBX.

Since the desk phones support VPN connections, it is possible to establish a VPN connection to the headquarters without the use of a VPN router at the branch office.

This article describes how to set up VPN connection using IKEv1 between an Alcatel DeskPhone and a LANCOM router.

How to connect an Alcatel OXO Connect PBX to a LANCOM VoIP router is described in this Knowledge Base article .

Important:
When using an IKEv1 connection in main mode, only one desk phone at a branch office can connect to the headquarters via VPN because authentication is based on the WAN IP address of the Internet connection.

In 2019 the IETF (Internet Engineering Task Force) has designated IKEv1 as deprecated and insecure and therefore it should not be used anymore. LANCOM Systems instead recommends to use the current standard IKEv2.

The IKEv1 functionality in LANCOM devices remains intact and can still be used for scenarios where devices without IKEv2 support are used. However LANCOM Systems will not provide any support regarding the troubleshooting of connection problems with IKEv1 connections. Also there won't be any bug fixes or new features for IKEv1.

In rare cases a disconnect can occur during rekeying. In such a case it can be useful to increase the lifetimes, so that the disconnects occur less often.

The configuration of an IKEv2 connection between an Alcatel DeskPhone and a LANCOM router is described in this Knowledge Base article.



Requirements:


Scenario:

The general scenario is as follows:


Procedure:

1) Configuring the LANCOM router:

1.1) Open the configuration of the LANCOM router in LANconfig, switch to the menu VPN → General and activate the VPN feature by setting Virtual Private Network to Activated .

1.2) Switch to the menu VPN -> IKE/IPSec→ IKE proposals .

1.3) Create a new entry and enter the following parameters:

1.4) Navigate to the menu IKE proposal lists .

1.5) Create a new IKE proposal list and modify the following parameters:

1.6) Navigate to the menu IKE keys and identities .

1.7) Create a new entry and adjust the following parameters:

1.8) Switch to the menu IPSec proposals .

1.9) Create a new entry and enter the following parameters:

1.10) Navigate to the menu IPSec proposal lists .

1.11) Create a new IPSec proposal list and modify the following parameters:

1.12) Switch to the menu Connection parameters .

1.13) Create a new entry and adjust the following parameters:

1.14) Switch to the menu Connection list .

1.15) Create a new entry and adjust the following parameters:

1.16) Go to the menu IPv4 → Addresses and enter the dial-in address range (First and Last address) from an address range that is different to the local network.

Important:
The address range where the Alcatel DeskPhones dial-in must be in a different network to the local network.

1.17) This concludes the configuration of the router. Write the configuration back to the router.



2) Configuring the Alcatel DeskPhones:

2.1) Start the (Premium) DeskPhone and, during “Boot Phase 2”, press the buttons <*> + <#> to access the Main Menu.

2.2) In the Main Menu, select the menu item VPN.

2.3) Switch to the menu VPN Config .

2.4) The first time you enter the menu VPN Config you have to set a PIN code . This has to be entered each time this menu is accessed.

2.5) Adjust the following parameters, confirm the adjustments by clicking the green checkmark and quit the menu by clicking on the Back button:

2.6) Switch to the menu VPN Tftp .

2.7) Adjust the following parameters, confirm the adjustments by clicking the green checkmark and quit the menu by clicking on the Back button:

2.8) Click the red arrow to quit the Main menu. The desk phone then restarts and establishes the VPN connection.