VPN for Avaya IP Phones

Part One

The first step toward enabling an Avaya VPN Phone is to enable VPN at the main office.
This will allow a secure remote connection to your network.
This is accomplished by either enabling the VPN function in the existing router or adding a security device between your network and the Internet.

Remember that there are a few kinds of VPN, and that there can be a VPN security device at the remote site too.
This will provide an 'always on' VPN to the main office.

If this is the case, the remote network is always connected to the main network and your Avaya IP phone will not need to have the VPN client enabled.
Just plug it in, and it will connect to the IP Office.


Otherwise, if there is no VPN router at the remote site, the VPN client in the Avaya IP phone will be used.

  • The VPN router at the main office is configured with the parameters of your choosing.
  • The VPN clients are configured to match those parameters.


  • You may have noticed that there is quite the list of parameters to be mindful of in order to make the connection.

      These parameters are:

    • authentication
    • encryption
    • encapsulation
    • key management
    • —just a tad bit more than username and password.

    Additionally, the client needs to know where your main office is.
    This is your IP address--the 'public' 'static' IP address of the main office.
    (It is technically the WAN IP address of the VPN router.)

    What this explicitly means is that the main office must have a static public IP address.
    This is established with your ISP.
    If there is no static IP address, it could change at any time.
    If this happens the Avaya phone VPN client (or the remote VPN-enabled router) cannot connect.

    Ask Google "what is my ip" and the result will display your public-facing IP address, as well as a list of similarly functioning websites.
    ipecho.net is one particular webpage with a simple display.


    Part Two

    Every host on any IP network has an IP address.
    A computer, a wireless phone, a laptop, a printer, a scanner, a server, anything that connects to the network is a host and it will get an IP address.
    Your main office, your home network on the internet, your neighbor's wireless router, your favorite website, you may consider hosts on the Internet's network and they all have IP addresses.

    Network administrators maintain what IP addresses are assigned and how.
    Also, addresses can be assigned automatically and dynamically by a server or router.
    Sometimes, they need to be assigned manually and statically so they never change--printers and servers for example.

    When you plug your Avaya IP phone into your remote home/branch office it too gets an IP address.
    (Avaya refers to this as the "outer IP address")



    You've probably seen 192.168.1.1, or 10.0.10.1, or maybe even 172.16.32.1. as an example of an IP address at home or in your office.
    These addressess are reserved by the Internet Assigned Numbers Authority as being private and the reasons have something to do with the pattern of 1's and 0's.

    If you are really interested in TCP/IP addressing you can look through the TCP/IP Guide.
    Almost everything else can be a public IP address.

    • The IP addresses on your network are "private" addresses.
    • The IP addresses for websites and for your main office VPN are "public" addresses.

    The Avaya IP phone is connected to the local network with an outer private address.
    In some instances, the built-in VPN client will use this address to identify itself to the security device.
    The Avaya phone VPN client makes a Virtual Private Network connection by "tunneling" to the main office network where it will use an inner private IP address on that local network.
    The Avaya IP Phone VPN client connects to your main office public static IP address.

    Leave a comment!

    You must be logged in to post a comment.