Shore tel Vpn concentrator 4500 User manual

ShoreTel VPN Concentrator

Models 4500/4550/5300LF/5300LF2

Installation Guide

Document and Software Copyrights

Printed in the United States of America. Contents of this publication may not be reproduced or transmitted in

any form or by any means, electronic or mechanical, for any purpose, without prior written authorization of

ShoreTel, Inc. ShoreTel, Inc. reserves the right to make changes without notice to the specifications and

materials contained herein and shall not be responsible for any damage (including consequential) caused by

reliance on the materials presented, including, but not limited to typographical, arithmetic or listing errors.

Trademarks

ShoreTel, ShoreCare, ShoreTel, ShoreWare and ControlPoint are registered trademarks of ShoreTel, Inc. in the

United Sates and/or other countries. The ShoreTel logo and ShoreTel IP Phone are trademarks of ShoreTel, Inc.

in the United States and/or other countries.

All other copyrights and trademarks herein are the property of their respective owners.

Version Information

ShoreTel

VPN Concentrator 4500/4550/5300LF/5300LF2 Installation and Configuration Guide

Part Number: 800-1559-01

Version: VPN_GA_4_2011

Date: March 5, 2013

Company Information

ShoreTel, Inc.

960 Stewart Drive

Sunnyvale, California 94085 USA

+1.408.331.3300

+1.408.331.3333 (fax)

www.ShoreTel.com

Contents

Chapter 1

1.1 Overview ............................................................................................................................... 1

1.2 Specifications......................................................................................................................... 1

1.2.1 VPN Concentrator 4500......................................................................................................1

1.2.2 VPN Concentrator 4550......................................................................................................1

1.2.3 VPN Concentrator 5300LF.................................................................................................. 2

1.2.4 VPN Concentrator 5300LF2................................................................................................ 2

1.3 Components Included with the VPN Concentrator ............................................................... 2

1.4 Hardware Features................................................................................................................ 3

1.4.1 VPN Concentrator 4500 and 4550...................................................................................... 3

1.4.2 VPN Concentrator 5300LF and 5300LF2 ............................................................................ 5

1.5 Physical Installation ............................................................................................................... 8

1.5.1 Required Tools and Materials for Installation ..................................................................... 8

1.5.2 Desktop Installation ............................................................................................................ 9

1.5.3 Wall-Mount Installation (4500 and 4550) ............................................................................ 9

1.5.4 Rack-Mount Installation ....................................................................................................10

1.5.5 Connecting the VPN Concentrator to an AC outlet ......................................................... 11

1.6 Accessing the Web Configuration GUI ................................................................................ 12

1.6.1 Connecting to the Web Configuration GUI (4500/4550).................................................. 12

1.6.2 Connecting to the Web Configuration GUI (5300LF/5300LF2) ........................................ 13

1.7 Setting the IP Address for the VPN Concentrator .............................................................. 15

1.8 Deploying the VPN Concentrator Behind a Firewall ........................................................... 17

Chapter 2

2.1 System Overview ................................................................................................................ 19

2.2 Redundant VPN Concentrators ........................................................................................... 20

2.3 SSL VPN Authentication Mechanisms.................................................................................. 20

2.4 Other Features .................................................................................................................... 20

Chapter 3

3.1 Licensing.............................................................................................................................. 23

3.1.1 Viewing Preconfigured Licenses ....................................................................................... 23

3.1.2 Ordering Additional Licenses ........................................................................................... 24

3.1.3 Installing a License on a ShoreTel VPN Concentrator ...................................................... 25

Chapter 4

4.1 Configuring the VPN Concentrator ..................................................................................... 27

4.1.1 Configuring the Out of Band Management Port (VPN Concentrator 5300LF/5300LF2 Only)

.......................................................................................................................................... 27

4.1.2 Creating and Deleting VLANs .......................................................................................... 28

4.1.3 Connecting Remote VPN Clients to LAN Subnets ........................................................... 32

4.1.4 Viewing and Changing Link Settings for Ethernet Interfaces ........................................... 33

4.1.5 Configuring Stunnel.......................................................................................................... 36

4.1.6 Downloading, Creating, and Adding a Certificate ........................................................... 41

4.1.7 Configuring the Stunnel Username-Password Database .................................................. 46

4.1.8 Configuring the Stunnel MAC Whitelist Database ........................................................... 47

4.1.9 Configuring the Stunnel MAC Address Blacklist Database .............................................. 48

Contents

4.1.10 Viewing and Terminating Active Stunnel Session(s) ......................................................... 49

4.1.11 Enabling Remote System Logging ................................................................................... 50

4.2 Configuring VPN Parameters on IP Phones ........................................................................ 51

4.2.1 Configuring VPN Settings on IP Phones via config files ................................................... 52

4.2.2 Configuring VPN Settings Manually on the IP Phone....................................................... 52

4.2.3 Summary of the Recommended Phone Configuration and Deployment Procedure ....... 53

Chapter 5

5.1 Tools and Troubleshooting.................................................................................................. 55

5.1.1 Connecting to the CLI ......................................................................................................55

5.1.2 Viewing Network Information ........................................................................................... 55

5.1.3 Checking Network Connectivity ....................................................................................... 57

5.1.4 Viewing Log Files.............................................................................................................. 59

5.1.5 Packet Capture ................................................................................................................. 59

Appendix A

A.1 Firmware Upgrade .............................................................................................................. 61

A.2 Backup and Restore............................................................................................................. 65

A.2.1 Connecting to the CLI ......................................................................................................65

A.2.2 Using the Configuration Backup Command ..................................................................... 65

Appendix B

B.1 Console Port Pinout (5300LF2 only).................................................................................... 69

VPN Concentrator Installation and Configuration Guide 1

HAPTER

1.1 Overview

The ShoreTel VPN Concentrator securely connects remote IP phones to the rest of the

system, enabling IT staff to implement a very secure and flexible remote work policy.

Remote users simply connect a ShoreTel IP phone to a broadband router and with minimal

configuration, establish a secure tunnel to the ShoreTel VPN Concentrator. Once

connected, their phone acts as though it was located in the office.

The ShoreTel VPN Concentrator is offered in four models:

•Models 4500 and 4550 support up to 10 simultaneous VPN connections.

•Models 5300LF and 5300LF2 support up to 100 simultaneous VPN connections.

This guide covers hardware installation and firmware upgrade procedures for all four

models.

1.2 Specifications

1.2.1 VPN Concentrator 4500

1.2.2 VPN Concentrator 4550

WAN Ports 1 x 10/100 Ethernet

LAN Ports 4 x 10/100 Ethernet

Serial Ports 1 x RS-232

Dimensions Height 1.688“ (42.863 mm), Width 10.438 “ (265.113 mm), Depth

6.625 “ (168.275 mm)

Weight 2 lb (0.91 kg)

Power 12V @ 3A, external AC Adapter

Environmental Operating Temperature: 5° to 40°C

Humidity: 20% to 80%, non-condensing

WAN Ports 1 x 10/100 Ethernet

LAN Ports 4 x 10/100 Ethernet

Serial Ports 1 x RS-232

Dimensions Height 1.688“ (42.863 mm), Width 9“ (228.6 mm), Depth 6.625 “

(168.275 mm)

Weight 2 lb (0.91 kg)

Power 12V @ 3A, external AC Adapter

Environmental Operating Temperature: 5° to 40°C

Humidity: 20% to 80%, non-condensing

Components Included with the VPN Concentrator Chapter 1

1.2.3 VPN Concentrator 5300LF

1.2.4 VPN Concentrator 5300LF2

1.3 Components Included with the VPN Concentrator

The following components are included with the VPN concentrator:

•1 RJ45-to-DB9 console adapter (5300LF2 series only; for the pinout, see Appendix

B).

•2 rack mount brackets

•6 rack mount bracket screws

•Documentation CD

•License information sheet

•AC power cord

•MAC Address and Serial Number (affixed to the “belly” of the device)

•AC power adapter, with attached power cord (4500 and 4550 models only)

WAN Ports 1 x 10/100/1000 Ethernet

LAN Ports 1 x 10/100/1000 Ethernet

Management Ports 1 x 10/100/1000 Ethernet

Serial Ports 1 x RS-232

Dimensions 19” rack mount, 1RU

Weight 11.5 lb (5.28 kg)

Power 100/240v VAC, auto-selecting, 47 to 63 Hz

Environmental Operating Temperature: 0° to 40°C

Humidity: 10% to 90%, non-condensing

WAN Ports 1 x 10/100/1000 Ethernet

LAN Ports 1 x 10/100/1000 Ethernet

Management Ports 1 x 10/100/1000 Ethernet

Serial Ports 1 x RS-232

Dimensions 1RU. Height: 1.73” (44mm), Width 17.4” (443mm), Depth 11.5”

(292mm)

Weight 18 lbs (8.165 kg)

Power 100/240v VAC, auto-selecting, 47 to 63 Hz

Environmental Operating Temperature: 0° to 40°C

Humidity: 10% to 90%, non-condensing

Note:

If you have ordered additional licenses for the VPN, contact your

reseller.

Chapter 1 Hardware Features

VPN Concentrator Installation and Configuration Guide 3

1.4 Hardware Features

1.4.1 VPN Concentrator 4500 and 4550

The front and back panel of the VPN Concentrator models 4500 and 4550 are the same.

For the purposes of this guide, the VPN Concentrator 4550 is used as an example.

1.4.1.1 Front Panel (4550)

Figure 1-1 Front View of the 4550

1.4.1.2 Back Panel (4550)

Figure 1-2 Back View of the 4550

Component Description

Power LED Off – Power switch is off (or no power from the AC outlet)

Solid Green – Power is supplied to the unit

Status LED Off – The unit could not boot up because of self test failure

Solid Green – Self test passed.

Flashing Green – Configuration is being written to permanent

storage or an upgrade is in progress

Hardware Features Chapter 1

Component Description

APower Connector – Accepts the plug from the supplied power adapter

which can be connected to an AC outlet on the wall using the supplied

power adapter.

B4 Ports 10/100 Mbps LAN Switch – Four ports that can be used to connect

to the Local Area Network (LAN) network.

Note: Port 1 is assigned a pre-configured IP address of http://192.168.1.1.

Additional Note: LAN port 4 can be used as a port-based VLAN. LAN ports

1 through 3 can be used as a tag-based or port-based VLAN.

CUSB Ports – Not used.

DEthernet WAN Port – This port is used to connect the 4500/4550 to an

upstream router.

Note: This port requires an IP Address. If you do not know the IP Address

assigned to the WAN Interface, contact your system administrator.

EManagement Console Port – This port is used to establish a local console

session with the 4500/4550 using a VT100 terminal or emulation program.

The cable required is a straight-through 8-wire cable with female connector.

The serial port uses a baud rate of 9600, 8 data bits, 1 stop bit and no parity.

This port is used for debug or local diagnostic purposes only. Primary con-

figuration of the 4500/4550 is performed from a web browser as covered in

Chapter 3.

FErase

• If pressed twice in quick succession, the CLI password will be changed

to its original password.

• If pressed three times in quick succession, the4500/ 4550 will revert to

factory default settings. All passwords will be reset and all prior

configurations will be erased.

Note: The default LAN address is set to 192.168.1.1

Caution: Setting the system configuration to factory default will erase all

configuration changes.

GLink Status LED

•Solid Green – Ethernet link is up.

•Blinking Green – Indicates activity on the link.

HLink Speed LED

•Off – If the link is up, indicates that the port is connected to a 10BaseT

Ethernet switch or hub.

•Solid Amber – Indicates that the port is connected to a 100BaseT

Ethernet switch or hub.

Other manuals for VPN Concentrator 4500

This manual suits for next models

Table of contents

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual

SHORE TEL VPN Concentrator 4500 User manual

Popular Gateway manuals by other brands