
Add SSL VPN Service

Navigation: System Settings > Services > Add/Edit Service

Click Add/Edit Service to open the Add SSL VPN Service page where you can provision a location. When you click Add/Edit Service, you are prompted to specify a server.

This type of service provides a secure tunnel between the IP Office system at a customer site and an Avaya VPN Gateway (AVG) installed at a service provider site. This secure tunnel allows service providers to offer remote management services to customers, such as fault management, monitoring, and administration. SSL VPN Services are supported by IP500 V2 and Linux based IP Office systems only. For full details on how to configure and administer SSL VPN services, refer to the Avaya IP Office SSL VPN Solutions Guide.

Warning

The process of 'on-boarding' automatically creates an SSL VPN service in the system configuration when the on-boarding file is uploaded to the system. Care should be taken not to delete or modify such a service except when advised to by Avaya.

For Server Edition, this type of configuration record can be saved as a template and new records created from a template.

These settings are mergeable. Changes to these settings do not require a reboot of the system.

Service

Field               Description
Service Name        Enter a name for the SSL VPN service.
Account Name        Enter the SSL VPN service account name. This account name is used for authenticating the SSL VPN service when connecting with the Avaya VPN Gateway (AVG).
Account Password    Enter the password for the SSL VPN service account.
Confirm Password    Confirm the password for the SSL VPN service account.
Server Address      Enter the address of the VPN gateway. The address can be a fully qualified domain name or an IPv4 address.
Server Type         Default = AVG. This field is fixed to AVG (Avaya VPN Gateway).
Server Port Number  Default = 443. Select a port number.

Session

Field Description
Session Mode Default = Always On.

This setting is greyed out and cannot be adjusted.

Preferred Data Transport Protocol Default = UDP.

This is the protocol used by the SSL VPN service for data transport. Only TCP is supported. If you select UDP as the protocol when you configure the connection, UDP displays in this field but the SSL VPN service falls back to TCP.

Heartbeat Interval Default = 30 seconds. Range = 1 to 600 seconds.

Enter the length of the interval between heartbeat messages, in seconds. The default value is 30 seconds.

Heartbeat Retries Default = 4. Range = 1 to 10.

Enter the number of unacknowledged heartbeat messages that IP Office sends to AVG before determining that AVG is not responsive. When this number of consecutive heartbeat messages is reached and AVG has not acknowledged them, IP Office ends the connection.

Keepalive Interval Default = 10 seconds. Range = 0 (Disabled) to 600 seconds.

Not used for TCP connections. Keepalive messages are sent over the UDP data transport channel to prevent sessions in network routers from timing out.

Reconnection Interval on Failure Default = 60 seconds. Range = 1 to 600 seconds.

The interval the system waits before attempting to re-establish a connection with the AVG. The interval begins when the SSL VPN tunnel is in-service and makes an unsuccessful attempt to connect with the AVG, or when the connection with the AVG is lost. The default is 60 seconds.

NAPT

The Network Address Port Translation (NAPT) rules are part of SSL VPN configuration. NAPT rules allow a support service provider to remotely access LAN devices located on a private IP Office network. You can configure each SSL VPN service instance with a unique set of NAPT rules.

Field Description
Application Default = Blank

Defines the communication application used to connect to the LAN device through the SSL VPN tunnel. When you select an application, the Protocol and Port Number fields are filled with the default values. The drop-down Application selector options and the associated default values are:

Application   Protocol   External and Internal Port Number
Custom        TCP        0
VMPro         TCP        50791
OneXPortal    TCP        8080
SSH           TCP        22
TELNET        TCP        23
RDP           TCP        3389
WebControl    TCP        7070

Protocol Default = TCP

The protocol used by the application. The options are TCP and UDP.

External Port Number Default = the default port number for the application. Range = 0 to 65535

Defines the port number used by the application to connect from the external network to the LAN device in the customer private network.

Internal IP address Default = Blank.

The IP address of the LAN device in the customer network.

Internal Port Number Default = the default port number for the application. Range = 0 to 65535

Defines the port number used by the application to connect to the LAN device in the customer private network.
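
The following is an added example, not Avaya code: a check that can be run over a planned NAPT rule set before it is entered, using the application defaults and the 0 to 65535 port range given above. The rule dictionary layout, the function name audit_napt_rules, the sample addresses and the duplicate external port check are assumptions made for this illustration.

```python
import ipaddress

# Application defaults from the table above: name -> (protocol, default port).
APP_DEFAULTS = {
    "Custom": ("TCP", 0), "VMPro": ("TCP", 50791), "OneXPortal": ("TCP", 8080),
    "SSH": ("TCP", 22), "TELNET": ("TCP", 23), "RDP": ("TCP", 3389),
    "WebControl": ("TCP", 7070),
}
# Constructed sample rules (private addresses chosen for this example).
SAMPLE_RULES = [
    {"application": "SSH", "protocol": "TCP", "external_port": 22,
     "internal_ip": "192.168.42.10", "internal_port": 22},
    {"application": "Custom", "protocol": "TCP", "external_port": 0,
     "internal_ip": "", "internal_port": 0},
    {"application": "TELNET", "protocol": "TCP", "external_port": 22,
     "internal_ip": "192.168.42.11", "internal_port": 23},
]

def audit_napt_rules(rules):
    """Return (rule_index, finding) pairs; rule dict keys are hypothetical."""
    findings, seen = [], {}
    for i, r in enumerate(rules):
        app, proto = r.get("application"), r.get("protocol")
        if app not in APP_DEFAULTS:
            findings.append((i, f"unknown application {app!r}"))
        if proto not in ("TCP", "UDP"):
            findings.append((i, f"protocol must be TCP or UDP, got {proto!r}"))
        for key in ("external_port", "internal_port"):
            port = r.get(key)
            if not isinstance(port, int) or not 0 <= port <= 65535:
                findings.append((i, f"{key} outside 0-65535: {port!r}"))
            elif port == 0:
                findings.append((i, f"{key} is 0 (Custom default left unset)"))
        try:
            ipaddress.ip_address(r.get("internal_ip", ""))
        except ValueError:
            findings.append((i, "internal_ip is blank or not an IP address"))
        # Assumption: two rules cannot share the same protocol + external port.
        slot = (proto, r.get("external_port"))
        if slot in seen:
            findings.append((i, f"external port clashes with rule {seen[slot]}"))
        seen.setdefault(slot, i)
        if app == "TELNET":
            findings.append((i, "TELNET is unencrypted on the LAN leg; prefer SSH"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit_napt_rules(SAMPLE_RULES):
        print(f"rule {idx}: {msg}")
```
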

Fallback

Field Description
In Fallback Default = Off.

This setting is used to indicate whether the SSL VPN service is in use or not.

  • To configure the service without establishing an SSL VPN connection, or to disable an SSL VPN connection, select this option.

  • To enable the service and establish an SSL VPN connection, de-select this option.

  • The Set Hunt Group Night Service and Clear Hunt Group Night Service short code and button features can be used to switch an SSL VPN service off or on respectively. The service is indicated by setting the service name as the telephone number or action data. Do not use quotation marks.