Application Note

EMH; Reviewed:
SPOC 9/27/06
Solution & Interoperability Test Lab Application Notes
©2006 Avaya Inc. All Rights Reserved.
4 of 42
vpnphone_ssg.doc
Step 2. XAuth: the Juniper SSG XAuth server prompts the Avaya VPNremote Phone for
user credentials (username and password). If the Avaya VPNremote Phone is
configured to store user credentials in flash memory, the Avaya VPNremote Phone
responds to the Juniper SSG with the stored credentials without user involvement.
Otherwise the Avaya VPNremote Phone displays a prompt for username and
password to be manually entered.
Step 3. Phase 2 negotiations: Once the XAuth user authentication is successful, Phase 2
negotiations begin.

XAuth Dynamic IP Address Assignment
The XAuth protocol enables the Juniper SSG appliance to dynamically assign IP
addresses from a configured IP Address pool range. The assignment of IP address ranges
to Avaya VPNremote Phones enables Avaya Communication Manager to map the Avaya
VPNremote Phones into IP Network Regions.

Shared IKE Group ID
The shared IKE ID feature of the Juniper SSG appliance facilitates the deployment of a
large number of dialup IPSec VPN users. With this feature, the security device
authenticates multiple dialup VPN users using a single group IKE ID and preshared key.
Thus, it provides IPSec protection for large remote user groups through a common VPN
configuration. XAuth user authentication must be used when implementing Shared IKE
Group ID.

IP-Network-Region Segmentation
A common deployment for the Avaya VPNremote Phones is in a home network
environment with limited bandwidth. The G.729 codec is recommended for such
bandwidth-constrained environments. Avaya Communication Manager IP Network
Regions allow IP endpoints to be logically grouped together to apply unique
configuration settings, including the assignment of specific codecs.
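
The link between XAuth address pools and IP Network Regions described above can be checked before deployment. The following is an added example, not part of the original Application Notes or of any Avaya or Juniper tooling: it verifies that every address in each XAuth pool maps to a single intended region. The pool names, address ranges and region numbers are constructed sample data, and the fallback region for unmapped addresses is an assumption.

```python
import ipaddress

# Constructed sample data, not taken from the application note.
# XAuth pools on the VPN head-end: name -> (first address, last address).
XAUTH_POOLS = {
    "remote-phones-a": ("10.10.9.50", "10.10.9.100"),
    "remote-phones-b": ("10.10.10.50", "10.10.10.120"),
}
# Address-range-to-region table: (first address, last address, region).
REGION_MAP = [
    ("10.10.9.1", "10.10.9.254", 5),
    ("10.10.10.50", "10.10.10.100", 6),
]
FALLBACK_REGION = 1  # assumption: addresses with no entry land here


def _num(addr):
    return int(ipaddress.IPv4Address(addr))


def region_for(addr, region_map=REGION_MAP):
    """Return the region whose range contains addr, else FALLBACK_REGION."""
    for first, last, region in region_map:
        if _num(first) <= _num(addr) <= _num(last):
            return region
    return FALLBACK_REGION


def pool_runs(first, last, region_map=REGION_MAP):
    """Split a pool into contiguous runs of addresses sharing one region."""
    runs = []
    for n in range(_num(first), _num(last) + 1):
        addr = str(ipaddress.IPv4Address(n))
        region = region_for(addr, region_map)
        if runs and runs[-1][2] == region:
            runs[-1][1] = addr          # extend the current run
        else:
            runs.append([addr, addr, region])
    return [tuple(r) for r in runs]


def misconfigured_pools(pools=XAUTH_POOLS, region_map=REGION_MAP):
    """Pools that straddle regions or fall wholly into the fallback region."""
    bad = {}
    for name, (first, last) in pools.items():
        runs = pool_runs(first, last, region_map)
        if len(runs) != 1 or runs[0][2] == FALLBACK_REGION:
            bad[name] = runs
    return bad
```

With the sample data, `misconfigured_pools()` flags only `remote-phones-b`, whose last twenty addresses fall outside the region 6 range and would not receive that region's codec settings.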

2. Network Topology
The sample network implemented for these Application Notes is shown in Figure 1. Three office
locations are included: a “Main Campus” and three “Remote Offices”.
The Main Campus consists of two Juniper SSG 520s, named “SSG 520 A” and “SSG 520 B”,
functioning as perimeter security devices and IPSec VPN head-ends. The Avaya S8710 Media
Server and Avaya G650 Media Gateway are also located at the Main Campus. The Main Campus
is mapped to Network Region 1 in Avaya Communication Manager.