Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Application Notes for Configuring NetScreen 50

Avaya Solution & Interoperability Test Lab
Application Notes for Configuring NetScreen 50, NetScreen
25 and NetScreen-Remote Client Software with Avaya IP
Office and Avaya PhoneManager - Issue 1.0
Abstract
These Application Notes present a sample configuration for NetScreen 50 and NetScreen 25
security devices, as well as NetScreen-Remote Client working with Avaya IP Office and
Avaya PhoneManager in an IPSec VPN environment. The objective of this test is to verify
interoperability between Avaya IP Office, Avaya PhoneManager and NetScreen Products.
Information in these notes has been obtained through compliance testing and additional
technical discussions. Testing was conducted via the DeveloperConnection Program at the
Avaya Solution and Interoperability Test Lab.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
1 of 28
NetScreen-IPO.doc
1. Introduction
These Application Notes describe the compliance-tested configuration utilizing NetScreen 25
and 50 security devices working with Avaya IP Office 2.0, as well as NetScreen-Remote client
working with Avaya PhoneManager 2.0. The NetScreen 25 and 50 are configured to provide a
Site-to-Site IPSec Tunnel between Site A and Site B, and the NetScreen-Remote client is
configured to supply a remote IPSec tunnel between a PhoneManager on Site C and the
NetScreen 25 on Site A. Static and Port NAT will also be tested in a site-to-site tunnel
environment. The administration for Avaya P333T-PWR is not covered in these Application
Notes. Figure 1 displays the network configuration used for verification.
NetScreen-50
Site B
IPSec tunnels
Avaya 4620
IP Telephone
Avaya
P333T-PWR
Avaya 6408
Digital Telephone
Avaya
P333T-PWR
Avaya
IP Office 403
Avaya P333R
Stackable Switch
PhoneManager
Avaya 4620
IP Telephone
PhoneManager
Site A
Avaya
IP Office 412
NetScreen-25
Avaya 6408
Digital
Telephone
IPSec tunnels
Site C
PhoneManager With
NetScreen-Remote
Client
Figure 1: Network Configuration
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
2 of 28
NetScreen-IPO.doc
Table 1 lists the IP addresses and subnet masks for devices used for testing.
Device
Avaya IP Office 412
Avaya IP Office 403
NetScreen 25
NetScreen 50
Avaya P333R
Interface
LAN 1 (Private)
LAN 2 (Public)
LAN
IP Address/Mask
150.1.1.1/24
100.1.1.2/24
10.10.42.1/24
Ethernet 1 (Private)
Ethernet 2 (Public)
Ethernet 1 (Private)
Ethernet 2 (Public)
Vlan90 (to NS25)
Vlan80 (to NS50)
Vlan1 (to Site C)
100.1.1.3/24
90.1.1.1/24
10.10.42.4/24
80.1.1.1/24
90.1.1.2/24
80.1.1.2/24
115.1.1.1/24
Gateway
Default: 100.1.1.3
Default: 10.10.42.4
100.1.1.2
90.1.1.2
10.10.42.2
80.1.1.2
90.1.1.1
80.1.1.1
Table 1: IP Address/Mask Assignment
2. Equipment and Software Validated
Table 2 shows the equipment and software used for the sample configuration provided:
Equipment
Avaya IP Office 412
Avaya IP Office 403
Avaya PhoneManager
Avaya 4620 IP Telephone
Avaya 6408 Digital Telephone
Avaya P333R Switch
Avaya P333T-PWR Switch
NetScreen-50
NetScreen-25
NetScreen-Remote
Software
2.0
2.0
2.0.13
2.0
N/A
4.0.8
4.0.17
5.0.r3.0
5.0.r3.0
10.0.0 (Build 10)
Table 2: Equipment and Software Used in Testing
3. Site-to-Site IPSec Tunnel between the NetScreen 25 and
NetScreen 50
Since the configuration is identical for both the NetScreen 25 and NetScreen 50 devices, only the
configuration from the NetScreen 25 is presented in these Application Notes.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
3 of 28
NetScreen-IPO.doc
3.1. Configure the NetScreen 25
The site-to-site VPN tunnel between the NetScreen 25 and NetScreen 50 is configured based on
the following parameters:
Phase 1 (IKE)
Phase 2 VPN
Authentication
Encryption
Hash
Pre-shared key
Triple DES
Triple DES
MD5
MD5
Key
Group
2
A route-based VPN tunnel is used in this configuration. Route-based VPN is a feature in
NetScreenOS where the endpoint of a VPN tunnel is seen as a network interface instead of a
policy. A route-based VPN behaves from a routing standpoint very similar to other point-to-point
WAN technologies like Frame Relay or ATM.
*******
Set up service for H.323 signaling protocol
**********
set service "Q931" protocol tcp src-port 1-65535 dst-port 1720-1720 timeout
2160
set service "ras" protocol udp src-port 1-65535 dst-port 1719-1719 timeout
2160
*******
set
set
set
set
Setup login name and password
**********
hostname ns25
admin name "NetScreen"
admin password "NetScreen"
admin auth timeout 10
****
Create the physical interfaces and assign them to zones ***********
set interface e1 zone Trust
set interface e1 route
set interface e1 ip 100.1.1.3/24
set interface e2 zone Untrust
set interface e2 route
set interface e2 ip 90.1.1.1/24
**** Create the virtual tunnel interface, which is the virtual tunnel endpoint.
**** Assign the tunnel interface into the "trust" zone.
*****
*****
set interface tunnel.1 zone Trust
set interface tunnel.1 route
set interface tunnel.1 ip unnumbered interface e1
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
4 of 28
NetScreen-IPO.doc
***** Define the security gateway parameters for phase 1 proposal using 3DES-MD5, ****
***** and bind it to the outgoing interface Ethernet2.
****
set ike gateway ns50-gw address 80.1.1.1 outgoing-interface e2 preshare
netscreen proposal pre-g2-3des-md5
***** Define the VPN parameters for phase 2 proposal using 3DES-MD5. Configure ****
***** the firewall to copy QoS bits from the original packets into the IP header of ****
***** the encrypted packets. Bind the tunnel to the outgoing interface
****
set
set
set
set
vpn
vpn
vpn
vpn
*****
*****
ns50-vpn
ns50-vpn
ns50-vpn
ns50-vpn
gateway ns50-gw idletime 0 proposal g2-esp-3des-md5
monitor
df-bit copy
bind interface tunnel.1
Define the local and remote networks, and the traffic to
be encrypted by the tunnel.
*****
*****
set vpn ns50-vpn proxy-id local-ip 100.1.1.0/24 remote-ip 10.10.42.0/24 any
***** Set route into the VPN tunnel for the remote network.
*****
set route 150.1.1.0/24 gateway 100.1.1.2
set route 80.1.1.0/24 gateway 90.1.1.2
set route 10.10.42.0/24 interface tunnel.1
3.2. Configure the NetScreen 25 with NAT
This section describes the steps necessary to enable NAT on NetScreen 25. In order for the
signaling information to reach both IP Offices correctly, the static NAT must be used for both IP
Offices. Other IP end points are configured to use Port NAT. The IP address translation is done
based on the following:
Devices
Original IP Address
Translated IP Address
NetScreen 25
150.1.1.1 (IP Office 412)
90.1.1.79 (Static NAT)
Other IP endpoints
NetScreen 50
Other IP endpoints
150.1.1.0
10.10.42.1 (IP Office 403)
10.10.42.0
90.1.1.80 (Port NAT)
80.1.1.79 (Static NAT)
80.1.1.80 (Port NAT)
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
5 of 28
NetScreen-IPO.doc
Due to the similarities in the configuration, only the NAT related configuration for the NetScreen
25 is presented below.
****** Create a zone for the VPN to apply the policies between the internal ******
****** network and the VPN tunnel.
******
set
set
set
set
zone name
interface
interface
interface
******
vpn
tunnel.1 zone vpn
tunnel.1 route
tunnel.1 ip unnumbered interface e1
Create the address object to implement NAT
******
set address trust local-net 150.1.1.0/24 "Local network at Site A"
set address vpn remote-net 10.10.42.0/24 "Remote network at Site B"
set address trust ipoffice 150.1.1.1/32 "IP Office 412"
**** Define the network address translation (NAT). Note that port address translation ****
**** (PAT) translates all traffic into the tunnel with the exception of IP Office itself.
****
**** All outgoing traffic will be source translated to 90.1.1.80. Because IP Office
****
**** needs to be reachable from the remote side, a one-to-one static NAT is
****
**** configured to translate the IP Office address 150.1.1.1 to 90.1.1.79. The virtual ****
**** router is set to the trust-vr, which is the default for all interfaces.
****
set interface tunnel.1 dip 90.1.1.80 90.1.1.80
set interface tunnel.1 mip 90.1.1.79 host 150.1.1.1 netmask 255.255.255.255
vr trust-vr
**** Create policies from the trust zone to the vpn zone. Tunnel policies are not *****
**** configured because the route-based VPN tunnel is used.
*****
set policy from vpn to global remote-net MIP(90.1.1.79) any permit log
set policy from trust to vpn local-net remote-net any nat src dip-id 4 permit
log
**** Set IP route for the NATed address *****
set route 80.1.1.0/24 interface tunnel.1
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
6 of 28
NetScreen-IPO.doc
4. Configure the Avaya IP Office
This section describes the steps necessary to configure the IP Office. Two IP Office models, IP
Office 412 and 403, are used in this testing. Since the configurations are identical, only the
configuration for IP Office 412 is presented in these Application Notes.
4.1. Configure the IP Office 412 Parameters
IP Office 412 is configured using the IP Office Manager application. The LAN1 interface is
used for protected network connectivity, and the LAN 2 interface is used for public network
connectivity.
Step
1.
Description
Configuring interface LAN1
Using the IP Office Manager, browse the configuration tree and select System Configuration
and click on the LAN1 tab.
• Set IP Address to 150.1.1.1 and IP Mask to 255.255.255.0.
• Leave the Primary Trans. IP Address field blank.
• Leave the Enable NAT box unchecked.
• For the DHCP Mode, select Disabled. In the described configuration, static IP
addresses are assigned to devices at all sites.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
7 of 28
NetScreen-IPO.doc
Step
2.
Description
Configuring interface LAN2
Click the LAN2 tab.
• Set IP Address to 100.1.1.2 and IP Mask to 255.255.255.0.
• Leave the Primary Trans. IP Address field blank
• Leave the Enable NAT box unchecked
• For the DHCP Mode, select Disabled
• Click OK when done.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
8 of 28
NetScreen-IPO.doc
Step
3.
Description
Configuring default gateway
Using the IP Office Manager, browse the configuration tree and select IP Route.
• Leave the IP Address and IP Mask fields blank.
• Enter 100.1.1.3 (IP address of NetScreen 25 private interface) as gateway IP address
• Select LAN2 as gateway interface.
• Enter 1 in Metric field and click OK.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
9 of 28
NetScreen-IPO.doc
Step
4.
Description
Configuring line options
Using the IP Office Manager, browse the configuration tree and select Line.
• Enter 02 in the Line Number field
• Enter description in Telephone Number field (optional)
• Enter 2 as Incoming Group and Outgoing Group ID
• Enter 20 as voice and data channels as shown in figure below
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
10 of 28
NetScreen-IPO.doc
Step
Description
Click the VoIP tab to enter H.323 trunk configuration.
•
•
•
•
•
•
•
•
•
•
•
•
In the Gateway IP Address field, enter 10.10.42.1. This is the IP address of the IP
Office 403 at Site B.
In the Compression Mode field, select Automatic Selection.
In the H.450 Support field, select H.450.
The Silence Suppression box may remain unchecked.
Select the Enable Faststart checkbox.
Leave the Fax Transport Support box unchecked.
Leave the Local Hold Music box unchecked.
Leave the Local Tones box unchecked.
Select the Out of Band DTMF checkbox.
Select the Allow Direct Media Path checkbox.
Leave the Voice Networking box checked.
Click OK when done.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
11 of 28
NetScreen-IPO.doc
Step
5.
Description
Configuring Shortcode
Configure the shortcode so that the IP Office 412 will route the calls to IP Office 403 using the
H.323 trunk defined in step 4.
Using the IP Office Manager, browse the configuration tree and select Shortcode.
•
•
•
•
•
Enter 4xxxx in the Short Code field
Enter . in the Telephone Number field to pass all the dialed digits.
Enter 4 in the Line Group ID field
Select Dial in the Feature field
Click OK when done.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
12 of 28
NetScreen-IPO.doc
Step
6.
Description
Configuring a user
In IP Office, every extension created requires a user associated with it. The following example
shows how to configure a user for a PhoneManager using extension 30002.
Using the IP Office Manager, browse the configuration tree and select User. Enter information in
the fields as shown in the Figure below
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
13 of 28
NetScreen-IPO.doc
Step
Description
• Click the Telephony tab
• Select VoIP in the Phone Manager Type field
• Leave the other parameters as default
• Click OK when done.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
14 of 28
NetScreen-IPO.doc
Step
7.
Description
Configuring an extension
Using the IP Office Manager, browse the configuration tree and select Extension.
•
•
•
•
Right click Extension and select Add.
Extension ID 8004 is assigned by IP Office, leave it unchanged.
Enter 30002 in the Extension field.
Configure and select other parameters as shown in figure below.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
15 of 28
NetScreen-IPO.doc
Step
Description
•
•
•
•
8.
Select the VoIP tab.
Enter 150.1.1.101 in the field of IP Address (this is the IP address of the PC where
the PhoneManager is installed).
Configure the other parameters as shown in figure below.
Click OK when done.
Save changes to the IP Office
•
•
SZ; Reviewed:
WCH 4/29/2004
Under the Manager File Menu item, select Save. At the Sending Config to dialog
box, select the option to immediately reboot and press OK.
If the IP Office Server IP address has been changed, update the IP address of the PC
running Manager and edit the Manager “Preferences” setting under the File menu
before reconnecting.
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
16 of 28
NetScreen-IPO.doc
5. Remote IPSec Tunnel between the NetScreen 25 and
NetScreen-Remote Client
This section describes the steps necessary to configure the NetScreen 25 and the NetScreenRemote client to establish a dynamic IPSec tunnel.
5.1. Configure the NetScreen 25
The NetScreen 25 is configured as a VPN tunnel endpoint for NetScreen-Remote Client. To
support a generic VPN installation packet and avoid user specific configuration on the VPN
client, the user should be configured to authenticate with a password, either maintained locally
on the firewall or on a RADIUS server.
**** Create one common user for general authentication of the NetScreen-Remote ****
**** software to the gateway. Configure that single user as a member of a group, ****
**** which will be referenced later in the IKE gateway configuration.
****
set
set
set
set
user nsr ike-id u-fqdn testing@testing share-limit 100
user nsr type ike
user nsr enable
user-group ike-users user nsr
**** Create the local VPN users "avaya" and "netscreen" and add them to a
**** user group "remote users". Create an IKE gateway for NSR.
set
set
set
set
user
user
user
user
****
****
avaya password abc123
avaya type xauth
netscreen password abc123
netscreen type xauth
set user-group remote-users location local
set user-group remote-users user avaya
set user-group remote-users user Netscreen
set ike gateway nsr-gw dialup ike-users preshare netscreen proposal pre-g23des-md5
set ike gateway nsr-gw nat-traversal
set ike gateway nsr-gw xauth server local user-group remote-users
***** Alternatively a RADIUS server could be used for user authentication, The ******
***** configuration below shows how to set up a RADIUS server for user
******
***** authentication. Use either Local or RADIUS authentication, not both at some time. *
set
set
set
set
auth-server
auth-server
auth-server
auth-server
SZ; Reviewed:
WCH 4/29/2004
my-radius
my-radius
my-radius
my-radius
type radius
server-name 1.1.1.1
secret password
account-type xauth
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
17 of 28
NetScreen-IPO.doc
set user-group remote-users location external
set user-group remote-users type xauth
set ike gateway nsr-gw dialup ike-users preshare netscreen proposal pre-g23des-md5
set ike gateway nsr-gw nat-traversal
set ike gateway nsr-gw xauth server my-radius user-group remote-users
**** Create the VPN tunnel and monitor the status of the tunnel as well *****
set vpn nsr-vpn gateway nsr-gw proposal g2-esp-3des-sha
set vpn nsr-vpn monitor
****
****
****
****
Set up policies for the VPN tunnel "nsr-vpn". The NetScreen 25 only allows
****
authenticated NSR clients to connect to internal resource "local-net" on "any" ****
service. "Untrust" is the outside zone and "Trust" is the inside zone.
****
"Dial-up VPN" is a reserved keyword for NSR clients.
****
set address trust local-net 115.1.1.0/24 "This is our internal network"
set policy from untrust to trust "Dial-up VPN" local-net any tunnel vpn nsrvpn log
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
18 of 28
NetScreen-IPO.doc
5.2. Configure the NetScreen-Remote Client
Step
1.
Description
Configuring client connection
•
•
•
•
•
•
•
Launch the NetScreen Remote client by selecting Start Æ Programs Æ NetScreenRemote Æ Security Policy Editor.
Right click the folder My Connections and select Add Æ Connection. Name the new
connection as Netscreen Testing.
Select Secure for Connection Security
Select IP Subnet for ID Type
Enter 115.1.1.0 in the field of Subnet and 255.255.255.0 in the field of Mask,
Select All in the Protocol field and Secure Gateway Tunnel in the Connect using field.
Check the Connect using box.
Select IP Address in the IP Type field and enter 90.1.1.1 (IP Address of NetScreen 25
public interface) as the tunnel endpoint IP Address.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
19 of 28
NetScreen-IPO.doc
Step
2.
Description
Configuring client identity
• Expand the Netscreen testing folder and select My Identity.
• Select Any in the Name field under the Internet Interface.
• Leave other fields as default.
• Click Pre-Shared Key under My Identity.
•
•
Click Enter Key and type key in the field
Click OK when done
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
20 of 28
NetScreen-IPO.doc
Step
3.
Description
Configuring phase 1 proposal
•
•
•
•
Expand folder Security Policy Æ Authentication (Phase 1) Æ Proposal 1.
Select Pre-Shared Key; Extended Authentication under Authentication Method.
Select Triple DES for Encrypt Alg, and SHA-1 for Hash Alg.
Select Unspecified for SA Life, and Diffe-Hellman Group 2 for Key Group.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
21 of 28
NetScreen-IPO.doc
Step
4.
Description
Configuring phase 2 proposal
•
•
•
•
•
5.
Expand folder Security Policy Æ Key Exchange (Phase 2) Æ Proposal 1.
Select Unspecified for SA Life, and None for Compression.
Check the Encapsulation Protocol (ESP) box .
Select Triple DES for Encrypt Alg, and SHA-1 for Hash Alg.
Select Tunnel for Encapsulation.
Saving the configuration
•
At top of the menu, open the File Æ Save to save the configuration
Or
•
Click the floppy disk icon from the tool bar to save the configuration.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
22 of 28
NetScreen-IPO.doc
6. Configure the Avaya PhoneManager
This section describes the steps necessary to configure the PhoneManager connecting to the IP
Office via a remote VPN tunnel.
Step
1.
Description
Configuring PhoneManager
•
Launch Avaya PhoneManager by selecting Start Æ Programs Æ IP Office Æ PhoneManager
from the PC where the PhoneManager is installed.
•
Configure the PhoneManager to use IP Office as a Call Server by selecting Configure Æ
PBX….
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
23 of 28
NetScreen-IPO.doc
Step
Description
•
•
•
•
In the UserName field, select Phone Manager 30002 previously created from IP Office
Manager.
In the Password field, enter the password previously defined.
In the PBX Address field, enter the IP Office’s private interface IP Address 150.1.1.1.
Click Login >> to log into IP Office.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
24 of 28
NetScreen-IPO.doc
Step
2.
Description
• To set codec preferences for the PhoneManager, select Configure Æ Preferences …
• Highlight the codec and move it up or down by clicking the up or down button.
• Check the Enable FastStart box.
• Click OK when done.
7. Interoperability Compliance Testing
Interoperability compliance tests included feature and functionality testing. Both site-to-site and
remote IPSec VPN tunnels were tested and validated. Feature and functionality testing examined
the Avaya IP Office, Avaya IP telephone and Avaya PhoneManager’ abilities to work with
NetScreen security device in IPSec environment. Feature and functionality testing was verified
using manual methods.
7.1. General Test Approach
All interoperability and feature testing was performed manually. An IP protocol analyzer was
used to verify the IPSec encryption for VoIP packets.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
25 of 28
NetScreen-IPO.doc
7.2. Test Results
All tests were completed successfully.
8. Verification Steps
The following verification steps can be used in these Application Notes to verify correct system
operation:
• Make a call from the IP telephone on site A to the digital telephone at site B, and verify
that the voice quality is good.
• Use a protocol analyzer to decode the VoIP packets, and verify that the packets are
encapsulated with IPSec header.
• Launch the NetScreen-Remote client and verify that the remote VPN tunnel is established
between the NetScreen-Remote client and the NetScreen 25.
• Launch the PhoneManager and verify that the PhoneManager can register with the IP
Office successfully.
• Make a call from the PhoneManager at site C to the IP telephone at site A, and verify that
the voice quality is good.
• Make a call from digital telephone at site A to the PhoneManager at site C. While the call
is active, conference the IP Telephone at site B and verify that all three parties are in
conference, and the voice quality is good.
9. Support
For technical support of NetScreen products, call 408-543-6768 or
1-877-638-7273, or email customerservice@netscreen.com.
For sales support, visit http://www.netscreen.com/contacts/sales/index.jsp on the Internet.
10. Conclusion
These Application Notes describe the configuration steps necessary to allow Avaya IP Office,
Avaya PhoneManager to work with NetScreen 25, NetScreen 50, as well as NetScreen VPN
client. All configurations have been compliance tested and all test cases were successful.
11. Additional References
For Avaya IP Office related documentation, visit http://support.avaya.com/ on the Internet.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
26 of 28
NetScreen-IPO.doc
11.1. Glossary
Technical Term
Definition as it pertains to this document
LAN
Local Area Network
WAN
Wide Area Network
DIP
Dynamic IP Pool
MIP
Mapped IP Address
IKE
Internet Key Exchange
ESP
Encapsulation Protocol
VPN
Virtual Private Network
IPSec
IP Security
3DES
Triple Data Encryption Standard (168-Bit Key)
SHA
Secure Hash Algorithm
Codec
Coder/Decoder
DiffServ
Differentiated Services
NAT
Network Address Translation
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
27 of 28
NetScreen-IPO.doc
©2004 Avaya Inc. All Rights Reserved.
Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by ® and ™
are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the
property of their respective owners. The information provided in these Application Notes is
subject to change without notice. The configurations, technical data, and recommendations
provided in these Application Notes are believed to be accurate and dependable, but are
presented without express or implied warranty. Users are responsible for their application of any
products specified in these Application Notes.
Please e-mail any questions or comments pertaining to these Application Notes along with the
full title name and filename, located in the lower right corner, directly to the Avaya
DeveloperConnection Program at devconnect@avaya.com.
SZ; Reviewed:
WCH 4/29/2004
Solution & Interoperability Test Lab Application Notes
©2004 Avaya Inc. All Rights Reserved.
28 of 28
NetScreen-IPO.doc
Related documents
Education level: Typically requires 3
Education level: Typically requires 3
AVAYA- Mtg Intro Slides
AVAYA- Mtg Intro Slides
Avaya Collaboration POD
Avaya Collaboration POD
Download