This project started because we have remote employees that we want to be able to answer the phones from their locations. We bought 2 Peplink boxes, 380 and 210, to rebuild our network and to assist with the Site-to-Site VPN. The Peplink boxes are actually quite useful pieces of equipment. They do load balancing, failover, and also have a stateful firewall. In addition they have a very easy to install, IPSec VPN feature between the 2 boxes.
When installing the Peplink boxes it is good to layout your network first and have a plan for what you are trying to accomplish. After you have completed your layout the installation of the Peplink boxes begins.
Setup the WAN and LAN Connections (This applies to both Peplink boxes)
The first step in the setup is to connect your LAN connection and your WAN connections to the Peplink. Once you have made the connections, connect your computer and login to the Admin Interface. The default address for the Admin Interface is 192.168.1.1 and the username and password are both admin. Once in the admin setup your WAN connections. (This is pretty self-explanatory, just do it.) The same goes with the LAN. In the LAN settings you can set your DHCP range and DNS servers. If you want to setup multiple subnets on your local network you will have to put another router behind the Peplink to handle the subnets.
Setup Site-to-Stie VPN
The main thing to remember when setting up the Site-to-Site is that each remote location will have to have it’s own subnet. If you try to setup the Peplink boxes with the same subnet the boxes will never connect. For example we used for the main Peplink 380 a subnet of 192.168.1.0 and for our first subnet for the first remote site was 192.168.10.0. Now with that knowledge make sure you have different subnets and continue to setup the Site-to-Site VPN.
In the setup you will name your connection, put in the serial number of the Peplink box being connected to and the IP addresses of the other Peplink box. The serial number on the 210 can be found on the bottom of the box and the number on the 380 can be found by going to through the digital display on the front of the box. Also, on your remote Peplink you do not have to enter an IP address in if the remote is DHCP. This way when the remotes IP address gets changed the VPN will still be able to connect because it won’t be locked into one IP address. After you have setup and established the VPN connection try to ping boxes on the other end of the connection. If you get a response then you connection is setup and you can move on to the phone system.
Phone Server Changes
Now that this is complete you will now have to add a static route of 0.0.0.0 to 0.0.0.0 to your phone server (We have a BCM 400) to make the server listen to any communication from any subnet. After this is complete just simply change the IP address of your phone server to the new un-routable IP. After you make the change make sure you can ping the new address before moving on to change the phones. It would also be a good idea to try to ping from another subnet.
After the server’s IP has been changed and you can ping, move on to changing the IP of the phones. On our Nortel i2004 phones you unplug the phone, wait for Nortel Networks to appear on the screen then in a quick succession press the four soft-keys from left to right. This will bring you into the phone network settings. It is self explanatory from here out, change the IP and make sure they connect. If they do not connect make sure you are pointing at the right server, gateway is correct, and also using the right port (7000 for us).
Might be something wrong with the VPN connection itself. Reset the tunnel (If its cisco stuff – clear crypto ipsec sa peer ip). Initiate traffic from one end to bring it back up.