VPN for Avaya phone to access ISR router

Eric Brown · ‎08-25-2016

I have a 2811 router at a branch that has a site to site vpn to our HQ. I need to setup a dynamic vpn for an Avaya 9608 IP phone to get into the network. Since it is a split tunnel on the wan fa0/0 interface with a crypto map, how would I create a tunnel for the Avaya? I cant put it on the same crypto map that is already on the interface because it doesnt use xauth and other parms.

Is there a way to use a virtual interface or dynamicvpn? What is the best solution?

pjain2 · ‎08-25-2016

do you want to create a dynamic ipsec vpn from the Avaya phones to the router. if so, you can create a dynamic-map on the router and bind it to the same crypto map.

also please elaborate what exactly you mean by split-tunnel with crypto map.

Eric Brown · ‎08-31-2016

Thank you for the response. The router currently has a basic ipsec crypto map on the internet facing interface fa0/0. The map makes the vpn to our HQ and the rest of the traffic goes to the internet.

I have not used dynamic tunnels but according to some Avaya documentation they use a username and password as well as the passphrase on the crypto map to vpn into the router. Is there a way to add un/pw auth to the new dynamic map without it being required on the existing tunnel to HQ?

pjain2 · ‎08-31-2016

yes there is. the username/password will only be used for remote access vpn and not for existing site to site tunnel

please follow the below doc:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html

Eric Brown · ‎09-06-2016

Do you know if this method works with a remote Avaya IP phone? This is considered enhanced Easy VPN using the DVTI correct?