Avaya Solution & Interoperability Test Lab Application Notes for Configuring the Expand Networks Accelerator 4820 with Avaya IP Telephony through Avaya SG203 and SG208 Security Gateways - Issue 1.0 Abstract These Application Notes describe the steps for configuring the Expand Networks Accelerator 4820 to preserve WAN link bandwidth for H.323 Voice over IP (VoIP) traffic generated by Avaya IP telephones while offering data compression and acceleration. During compliance testing, H.
1. Introduction These Application Notes describe a compliance-tested solution comprised of Avaya Communication Managers, Avaya IP Telephones, Avaya Security Gateways and Expand Networks Accelerators.
Avaya S8300 Media Server 50.1.1.10 Avaya G350 Media Gateway 50.1.1.11 Expand Networks Accelerator 4820 Router fa0/0 172.16.1.62/28 172.16.1.45/28 Public int 172.16.1.49/28 Private int 172.16.1.46/28 Avaya SG203 Security Gateway Cisco 1841 Router P333T-PWR Stackable Switch With X330W-2DS1 WAN Access Router Module VLAN 50 - 50.1.1.0/24 VLAN 51 - 51.1.1.0/24 VLAN 101 - 192.45.101.0/24 VLAN 1000 172.16.1.
2. Equipment and Software Validated The following equipment and software/firmware were used for the sample configuration provided: Equipment Avaya S8300 Media Server with G350 Avaya Media Gateway Avaya S8300 Media Server with G700 Avaya Media Gateway Avaya P333T-PWR Stackable Switch with a X330W-2DS1 WAN Access Router Module Avaya SG203 Security Gateway Avaya SG208 Security Gateway Avaya 46xxSW IP Telephones (H.
3.2. Avaya SG203 and SG208 Security Gateway The Avaya SG203 and SG208 Security Gateways were used to establish a VPN tunnel between the Main and Branch sites. The following steps outline the configuration for the interfaces of the Avaya Security Gateways and the VPN tunnel. Refer to [3] for additional information on configuring Avaya SG203 and SG208 Security Gateways. The steps in this section depict screen displays for the Avaya Security Gateway at the Main Site.
Step Description At the Media Interface Configuration screen for ethernet0, enter the appropriate IP 2. address information and zone configuration. The sample network uses ethernet0 as the private side of the Security Gateway. Click Save to continue. AL; Reviewed: SPOC 2/21/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 6 of 20 ExpandAccltor.
Step Description Repeats Step 2, except now highlight the ethernet1 interface and click Modify to display 3. the Media Interface Configuration screen for ethernet1. At the Media Interface Configuration screen for ethernet1, enter the appropriate IP address information and zone configuration. The sample network uses ethernet1 as the public side of the Security Gateway. The Route is the IP address of the router. Click Save to continue.
Step Description At the Avaya Security Gateway main menu, select Routing under Properties and click 4. on Add to add a static route entry. AL; Reviewed: SPOC 2/21/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 8 of 20 ExpandAccltor.
Step Description At the Modify Static Route display, enter the appropriate Next Hop IP address for the 5. local IP Networks. For the Main Site, the Next hop IP address to reach the three local IP Networks (192.45.101.0/24, 50.1.1.0/24, and 51.1.1.0/24) is 172.16.1.33. Enter the IP Address information and click Add after each entry. Click OK after all the IP networks have been entered. AL; Reviewed: SPOC 2/21/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.
Step Description The next step is to configure the VPN tunnel between the two sites. Select Configure on 6. the left and the Security tab. Highlight VPN Setup and click Add to begin configuration. AL; Reviewed: SPOC 2/21/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 10 of 20 ExpandAccltor.
Step Description At the Modify VPN screen display, enter the following information and click Next to 7. continue. VPN Name Preshared Secret Local IP Address AL; Reviewed: SPOC 2/21/2006 A user-friendly name to identify the VPN connection. An alphanumeric string used to establish the tunnel between the two Avaya Security Gateways. This same string needs to be entered on both Avaya Security Gateways. This string can be entered in either ASCII or Hexadecimal.
Step Description In the next Modify VPN screen, enter the following information. After completing, click 8. Next to continue. Zone Remote TEP IP IP Group(s) AL; Reviewed: SPOC 2/21/2006 public This is the Public Interface of the Avaya Security Gateway at the other end that will be terminating the VPN connection. Click Add after entering the Remote TEP IP address. All local IP Networks that are at the other end of the VPN tunnel.
Step Description Leave everything as default (blank) and click Next to continue. 9. AL; Reviewed: SPOC 2/21/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 13 of 20 ExpandAccltor.
Step Description 10. The last step in configuring the VPN tunnel is to select the encryption and authentication algorithm. In the sample configuration, everything is left to the default value except compression. Compression is set to NONE. Expand Networks Accelerators will be performing all the compression and bandwidth management. Click Finish to complete the VPN configuration. 11. Repeat Steps 1 to 10 for the Avaya Security Gateway at the Branch Site.
4. Expand Networks Accelerator Configuration can be accomplished through either a Command Line Interface (CLI) or a Web Browser. The sample configuration uses the CLI. The following steps describe the configuration for the Expand Networks Accelerator located in the Main Site. Repeat all steps in this section for Accelerator located in the Branch Site, and ensure proper IP address information is used. Step Description Enter the IP address information into the Expand Networks Accelerator using the keypad 1.
Step Description Define two policies for the voice traffic, one for the signaling “h323-gatekeeper-stat” 5. and the other for the media “avayavoip” (RTP stream). The UDP port number from 2048 to 3027 was defined in Avaya Communication Manager in Section 3.1. UDP port number 1719 is the default port number used for H.323 trunk signaling between the two Media Gateways. Datacenter(config)# application h323-gatekeeper-stat udp 1719 Datacenter(config)# application avayavoip udp from 2048 to 3027 6.
Step Description By default, IPComp compression is enabled and there is no need to configure it. The 8. default configuration is not listed when the “show run” command is entered into the system to list current running configuration. 9. Repeat Steps 1 to 8 for the Expand Network Accelerator in the Branch Site. Ensure the proper IP addresses are entered, as the IP addresses may be different from what is shown above for the Main Site. 5.
6. Verification Steps The following steps may be used to verify the configuration: • Ensure that all the Accelerator interfaces are reachable by using ping. • Place and receive call from the Avaya IP telephones. • From the Accelerator, verify the status of the Link. • From the Accelerator, verify that the Rule is correctly configured using the “debug trafficstatistics policy-rule” command. • From the Accelerator, verify the Application is configure correctly by using “show application” command. 7.
9. Additional References [1] Administrator Guide for Avaya Communication Manager, Doc # 03-300509, Issue 1, June 2005 [2] Avaya Communication Manager Advanced Administration Quick Reference, Doc # 03-300364, Issue 2, June 2005 Release 3.0 [3] Avaya Security Gateway Configuration Guide for VPNos Release 4.6, Doc # 670-100-602, Issue 4, May 2005 [4] Expand Network Accelerator Configuration Guide version 5.7 Product documentation for Avaya products may be found at http://support.avaya.
©2006 Avaya Inc. All Rights Reserved. Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by ® and ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. The information provided in these Application Notes is subject to change without notice.