Beruflich Dokumente
Kultur Dokumente
Printed in the United States of America. Contents of this publication may not be reproduced or transmitted in
any form or by any means, electron ic or mechanical, for any purpose, wi thout prior written authorization of
ShoreTel, Inc. ShoreTel, Inc. reserves the right to ma ke changes without notice to the specifications and
materials contained herein and shall not be responsible for any damage (including consequential) caused by
reliance on the materials presented, including, but not lim ited to typographical, arit hmetic or listing errors.
Trademarks
ShoreTel, ShoreCare, ShoreTel, ShoreWar e and ControlPoint are registered tr ademarks of ShoreTel, Inc. in the
United Sates and/or other countries. The ShoreTel logo and ShoreTel IP Ph one are trademarks of ShoreTel, Inc.
in the United States and/or other countries.
All other copyrights and trademarks herein ar e the property of their respective owners.
Version Information
ShoreTel
VPN Concentrator 4550/5300 Installation and Configuration Guide
Part Number: 800-1559-01
Version: VPN_GA_4_2011
Date: September 21, 2011
Company Information
ShoreTel, Inc.
960 Stewart Drive
Sunnyvale, California 94085 USA
+1.408.331.3300
+1.408.331.3333 (fax)
www.ShoreTel.com
Contents
1.1
1.2
1.3
2.1
2.2
2.3
2.4
3.1
3.2
Specifications......................................................................................................................... 1
1.1.1 VPN Concentrator 4550 .......................................................................................................... 1
1.1.2 VPN Concentrator 5300 .......................................................................................................... 1
Components included with the VPN Concentrator ............................................................... 1
Hardware Installation ............................................................................................................ 2
1.3.1 VPN Concentrator 4550 .......................................................................................................... 2
1.3.1.1
Requirements for Installation....................................................................................... 2
1.3.1.2
Front Panel Overview ................................................................................................... 2
1.3.1.3
Back Panel Overview .................................................................................................... 3
1.3.1.4
Physical Installation ...................................................................................................... 4
Required Tools and Materials................................................................. 4
Desktop Installation ................................................................................ 5
Wall-Mount Installation........................................................................... 5
Rack-Mount Installation .......................................................................... 6
Connecting the 4550 to an AC outlet .................................................... 6
1.3.1.5
Connecting to the web configuration GUI of the 4550............................................. 7
1.3.2 VPN Concentrator 5300 .......................................................................................................... 8
1.3.2.1
Requirements for Installation....................................................................................... 8
1.3.2.2
Front Panel Overview ................................................................................................... 9
1.3.2.3
Back Panel Overview .................................................................................................. 11
1.3.2.4
Physical Installation .................................................................................................... 11
Rack-Mount Installation ........................................................................ 11
Connecting the 5300 to an AC socket ................................................. 12
1.3.2.5
Connecting to the web configuration GUI of the 5300........................................... 12
1.3.2.6
Setting the IP Address ............................................................................................... 14
1.3.3 Deployment Scenarios .......................................................................................................... 15
System Overview ................................................................................................................ 17
Redundant VPN Concentrators ........................................................................................... 18
SSL VPN Authentication Mechanisms.................................................................................. 18
Other Features .................................................................................................................... 18
Licensing.............................................................................................................................. 21
3.1.1 Viewing Preconfigured Licenses............................................................................................ 21
3.1.2 Ordering Additional Licenses................................................................................................ 22
3.1.3 Installing a License on a ShoreTel VPN Concentrator ........................................................... 22
Requirement ......................................................................................... 22
Configuring the device using the Web Configuration GUI.................................................. 23
3.2.1 Management Interface Page (VPN Concentrator 5300 Only) ............................................... 23
3.2.2 VPN Concentrator 4550 Create VLAN Page ......................................................................... 24
3.2.2.1
VPN Concentrator 4550 VLAN Membership Page .................................................. 25
3.2.2.2
VPN Concentrator 4550 VLAN Port Page................................................................. 26
3.2.3 VPN Concentrator 5300 VLAN Configuration Page.............................................................. 27
3.2.4 Route Page ............................................................................................................................ 28
3.2.5 Set Link Page......................................................................................................................... 29
3.2.6 Stunnel Page ......................................................................................................................... 31
Global Configuration ............................................................................ 32
LDAP Configuration.............................................................................. 34
Stunnel IP Pool...................................................................................... 34
3.2.7 Username Page, MAC Address Whitelist Page and MAC Address Blacklist Page ............... 35
Username and Password Database ...................................................... 35
MAC Address Whitelist ........................................................................ 36
MAC Address Blacklist ......................................................................... 37
Current Sessions ................................................................................... 39
3.2.8 Enabling Remote System Logging ........................................................................................ 39
3.2.9 Configuring VPN Parameters on IP Phones........................................................................... 41
Contents
3.2.9.1
Configuration via config files..................................................................................... 41
3.2.9.2
Manual configuration ................................................................................................. 41
3.2.9.3
Summary of recommended configuration and deployment procedure: .............. 42
4.1
Tools and Troubleshooting .................................................................................................. 45
4.1.1 Network Information ............................................................................................................. 46
4.1.2 Network Connectivity............................................................................................................ 47
4.1.3 Viewing Log Files .................................................................................................................. 48
4.1.4 Packet Capture ...................................................................................................................... 49
4.1.4.1
Capturing Packets for an Individual SSL Connection .............................................. 49
A.1 Firmware Upgrade .............................................................................................................. 51
B.1 Console Port Pinout (5300 only).......................................................................................... 53
ii
Chapter 1:
Specifications
1.1
Specifications
1.1.1
1.1.2
1.2
WAN Ports
1 x 10/100 Ethernet
LAN Ports
4 x 10/100 Ethernet
Serial Ports
1 x RS-232
Dimensions
Weight
2 lb (0.91 kg)
Power
Environmental
1 x 10/100/1000 Ethernet
LAN Ports
1 x 10/100/1000 Ethernet
Management Ports
1 x 10/100/1000 Ethernet
Serial Ports
1 x RS-232
Dimensions
Weight
Power
Environmental
1 RJ45-to-DB9 console adapter (5300 only; for the pinout, see Section B.1).
2 rack mount brackets
6 rack mount bracket screws
Documentation CD
License information sheet
AC power cord
MAC Address and Serial Number (affixed to the belly of the device)
AC power adapter, with attached power cord (4550 only)
Note:
If you have ordered additional licenses for the VPN, contact your reseller.
Hardware Installation
Chapter 1:
1.3
Hardware Installation
1.3.1
1.3.1.1
1.3.1.2
Figure 1-1
Item
Description
PWR
Status
Chapter 1:
1.3.1.3
Hardware Installation
Figure 1-2
Call out
Description
Hardware Installation
Chapter 1:
Call out
Description
Erase
1.3.1.4
Physical Installation
The 4550 device is designed for desktop, rack or wall-mount installation. Observe the
following guidelines when installing the system:
Always verify that the AC cord is disconnected from a power source prior to
installation.
Ensure that the installation site has adequate air circulation and meets the
minimum operating conditions for the system as specified in Specifications of this
document
Chapter 1:
Hardware Installation
2 round or flat head wood screws, Philips or slotted, and 1 inch long
Figure 1-3
Ethernet cables to connect the LAN ports to LAN switches or other Ethernet
devices and the WAN port to a firewall or an upstream router.
Desktop Installation
1. Remove the 4550 and the accessories from the shipping container.
2. Place the 4550 on a flat, dry surface such as a desktop, shelf or tray.
Wall-Mount Installation
You can mount the 4550 on a wall using the two built-in hang holes on the bottom of the
appliance. We recommend that you use two wood screws, at least 1 inch long.
1. Install two screws 5.9063 (150 mm) horizontally apart on a wall or other vertical
surface. The screws should protrude from the wall so that you can fit the appliance
between the head of the screw and the wall. If you install the screws in drywall, use
hollow wall anchors to ensure that the unit does not pull away from the wall due to
prolonged strain from the cable and power connectors.
Figure 1-4
Hardware Installation
Chapter 1:
Figure 1-5
TIP:
If the ports of the 4550 will not be accessible or visible once the device is mounted on
the wall, complete the steps in 1.3.1.5 and 1.3.2.6 before continuing.
WARNING: Do not mount the 4550 on the wall as shown below.
Figure 1-6
Rack-Mount Installation
You can mount the 4550 in a 19 rack by using the rack-mount kit supplied with the
product.
1. Attach the ear mounts to both sides of the 4550 with the screws.
2. Attach the 4550 with the ear mounts to the shelf by screwing the ear mounts to the
shelf with screws.
Connecting the 4550 to an AC outlet
1. Plug the power cord attached to the Power Adaptor into the AC Power Connector
on the back of the device (shown in Figure 1-2).
2. Plug one end of the included AC power cord into the Power Adaptor, and plug the
power cords male end into an AC outlet. Sometimes a little force is necessary to
get the plug properly positioned.
6
Chapter 1:
Hardware Installation
Make sure that the power and status LEDs, shown in Figure 1-1 as A and B, are
solid green after a short while.
WARNING
Always connect the AC power cord to an AC outlet suitable for the power
supply that came with the unit in order to reduce the risk of damage to the
unit.
Tip
If the device is on a shelf from which the power adapter will dangle, secure
the power adapter using a fastener or tie wrap to nearby shelf so that it does
not hang from the power connector.
1.3.1.5
Hardware Installation
Chapter 1:
Figure 1-7
4. Enter the username as root and the password as default to log into the system.
The System configuration page appears.
Figure 1-8
5. If you are connecting to the web configuration GUI for the first time, complete
network configuration by completing the steps as outlined in Section 1.3.2.6.
6. To upgrade the VPN Concentrators firmware files, complete the steps as outlined in
Section A.1.
8
Chapter 1:
Hardware Installation
1.3.2
1.3.2.1
Hardware Installation
1.3.2.2
Chapter 1:
Figure 1-9
Call out
Description
Erase
Power LED
10
Chapter 1:
Hardware Installation
Call out
Description
11
Hardware Installation
1.3.2.3
Chapter 1:
Figure 1-10
1.3.2.4
Call out
Description
Physical Installation
Rack-Mount Installation
The 5300 is designed for 19 rack mount installation. Simply secure the ear mounts (as
shown in Figure 1-11) on both sides of the chassis to the rack post with screws.
Please observe the following guidelines when installing the system:
12
Chapter 1:
Hardware Installation
Never assume that the AC cord is disconnected from a power source. Always check
first.
Never place objects greater than 5 lbs on top of the appliance as damage to the
chassis may result.
Always connect the AC power cord to a properly grounded AC outlet to avoid
damage to the system or injury.
Ensure that the physical location of the installation has adequate air circulation and
meets the minimum operating conditions as provided in the environmental
specifications for the system.
7. Connect the 3-pin Shroud Female connector of the power cord to the AC socket on
the 5300 shown as A in Figure 1-10. Connect the other end of the power cord into
an AC outlet on the wall.
8. Turn on the power by pressing 1 on the power switch (shown as B in Figure 1-10).
9. Make sure that the power LED (shown as B in Figure 1-9) is solid green and the
disk activity LED (shown as H in Figure 1-9) is blinking red.
1.3.2.5
13
Hardware Installation
Chapter 1:
Figure 1-12
14
Chapter 1:
Hardware Installation
4. Enter the username as root and the password as default to log into the system.
The System configuration page appears.
Figure 1-13
5. If you are connecting to the web configuration GUI for the first time, complete
network configuration by completing the steps as outlined in Section 1.3.2.6.
6. To upgrade the VPN Concentrators firmware files, complete the steps as outlined in
Section A.1.
1.3.2.6
15
Hardware Installation
Chapter 1:
Note: If you do not know the IP Address assigned to the WAN Interface,
contact your system administrator.
Additional Note: The IP address can be a private IP address and you can
configure the firewall to NAT port 443 to the private IP on the concentrator.
Set the Subnet Mask.
4. Perform the following steps in the Network Settings: section:
Set the Default Gateway to the upstream routers IP address.
Set the "Primary DNS Server" and "Secondary DNS Server" to the primary and
secondary DNS servers respectively.
5. To change the IP address of the LAN Interface, perform the following steps in the
LAN Interface Settings: section:
Set the IP Address: to an IP address that can be reached from the LAN
network.
Set the Subnet Mask:
6. Click the Submit button to make the above changes current.
7. Detach the Ethernet cable from the computers Ethernet interface and connect it to
a hub or Ethernet switch connecting to the LAN network.
8. Launch a web browser on any computer on the LAN networks and enter the LAN
IP address of the device. Press Return and the following log into the system as
explained above.
9. Connect the device to the WAN by completing one of the following steps:
If you are connecting the 4550 to the WAN, connect one end of an Ethernet
cable to the WAN port of the 4550, shown in Figure 1-2. as D, and the
other end to Ethernet port of an appropriate device based on your
deployment scenario.
16
Chapter 1:
Hardware Installation
If you are connecting the 5300 to the WAN, connect one end of an Ethernet
cable to the WAN port of the 5300, shown in Figure 1-9. as E, and the
other end to Ethernet port of an appropriate device based on your
deployment scenario.
.
Note:
See section 1.3.3 for examples of deployment scenario
1.3.3
Deployment Scenarios
Figure 1-14
Connected to WAN
through firewall and gateway router
To secure, restrict or inhibit pass-through traffic to the VPN Concentrator, it must be deployed
behind an enterprise firewall. Connect the WAN port of the VPN Concentrator to the DMZ
network (or port) of the firewall as shown in Figure 1-14. The WAN port should be assigned to
a private IP address (RFC 1918), or an IP address that can be used within a DMZ subnet.
Connect the LAN port of the VPN Concentrator to the LAN network using an LAN IP address
from the LANs IP subnet.
17
Chapter 2:
System Overview
2.1
System Overview
The SSL based VPN Concentrator enables many remote VoIP Phones to establish secure
voice communications with a ShoreTel telephone system through SSL VPN tunnels. For
every SSL VPN tunnel, a virtual PPP interface is created on the VPN Concentrator. A PPP
peer interface is created at the remote VoIP Phone. The VOIP signaling and media streams
passing through the PPP interface within the SSL VPN tunnel are therefore completely
secure through the use of encryption in SSL.
Figure 2-1
Emergency calls from a remote VPN phone can result in serious delays and
miscommunication. If ShoreTel VPN phones will be deployed in remote locations,
emergency calls placed from these phones will be routed to the Public Safety Answering
Point (PSAP) nearest the site that hosts the switch and VPN concentrator. If the remote
ShoreTel VPN phone is outside of the PSAPs designated area, this will delay or prevent
an effective response.
When remotely deploying a ShoreTel VPN phone, ShoreTel strongly recommends that
you implement a 3rd-party solution which can route emergency calls to the PSAP that is
nearest to the VPN phone. If such a solution is not available, the remote ShoreTel VPN
phone should be clearly labeled so that its users know these restrictions regarding
emergency phone call usage.
17
2.2
Chapter 2:
2.3
User name and password validation The SSL VPN client on the remote phone is
expected to provide the username and password so that they can be matched
against the following databases:
Local database (default) A list of valid usernames and their associated
passwords configured for the authentication in the local database by the
administrators.
2.4
Other Features
Understanding of the following features will be helpful in configuring the device:
18
Session Timeout An optional global timeout value for SSL VPN sessions can be
configure by the administrator. Any SSL VPN session will be terminated if it has
been active for the duration of the timeout value.
Active Sessions The system maintains a runtime list of all current active SSL VPN
sessions. The administrator can delete one or more active SSL VPN sessions if
necessary.
Chapter 2:
Other Features
History Log A history log of all connection requests is maintained which includes
information such as success and failure of sessions establishment, etc.
19
Chapter 3:
Licensing
C H A P T E R
3.1
Licensing
You can view and edit existing licenses for the VPN Concentrator, and install new licenses.
Up to 10 tunnels on ShoreTel VPN 4550 Concentrators and 100 tunnels on ShoreTel VPN
5300 Concentrators can be installed. The MAC address is used to generate a license key.
You cannot install a license on a ShoreTel VPN Concentrator for which the license is not
intended.
The following topics provide more details about licensing:
3.1.1
21
Licensing
Chapter 3:
Figure 3-1
3.1.2
3.1.3
Valid license for the target VPN Concentrator, contained in a license key document.
The IP address that will provide web access to the target VPN Concentrator
Note:
Licenses for ShoreTel VPN Concentrators are assigned to specific units. You cannot install
on or transfer to another unit for which the license was not created.
To install the license key, complete the following steps:
1. Complete the steps to connect to the web configuration GUI of the 4550 or 5300 as
outlined in Section 1.3.1.5 and Section 1.3.2.5, respectively.
Note:
22
Chapter 3:
2.
3.
4.
5.
6.
3.2
The default user name and password for the device is root and default. If this
user name and password does not allow you to access the device, it may have been
changed. Retrieve the user name and password from your system administrator.
Click System. The System Page appears.
Click View License Key. The License page appears.
Click the Edit License Key link.
In the License Key field, enter the license key as shown on the license key document.
Click Submit.
3.2.1
23
Chapter 3:
Interface page and configure this port, complete the steps to connect to the web
configuration GUI of the 5300 as outlined in Section 1.3.2.5, respectively, then choose
System Management Interface.
Figure 3-2
Parameter
Description
Subnet Mask
3.2.2
24
Chapter 3:
Figure 3-3
Parameter
3.2.2.1
Description
VLAN ID
IP Address
Subnet Mask
25
Figure 3-4
Chapter 3:
Parameter
3.2.2.2
Description
VLAN ID
Port Number
26
Chapter 3:
Figure 3-5
Parameter
Packet Type
Description
PVID
3.2.3
27
Figure 3-6
Parameter
3.2.4
Chapter 3:
Description
VLAN ID
IP Address
Network Mask
Route Page
The Route page enables the VPN concentrator to connect remote VPN clients specified
LAN subnets. To access the Route page, complete the steps to connect to the web
configuration GUI of the 4550 or 5300 as outlined in Section 1.3.1.5 and Section 1.3.2.5,
respectively, and then, from the web configuration GUI, choose System Route.
28
Chapter 3:
Figure 3-7
Parameter
3.2.5
Description
IP Network
Network mask
Gateway
29
Chapter 3:
The settings on the Ethernet switch and the VPN Concentrator must match. If the port
speed and duplex do not match, the switch may lose connectivity with the VPN
concentrator.
Figure 3-8
30
Chapter 3:
Parameter
LAN Ethernet
Description
WAN Ethernet
3.2.6
Stunnel Page
Securely connect remote IP phones using a Stunnel.
To access the Stunnel page, complete the steps to connect to the web configuration GUI of
the 4550 or 5300 as outlined in Section 1.3.1.5 and Section 1.3.2.5, respectively, and then,
from the web configuration GUI, choose System Stunnel.
Note:
A submit on this page will restart all network services, including the Stunnel service. All
SSL VPN sessions will be terminated.
The Stunnel page is divided into the following sections:
Global Configuration
LDAP Configuration
Stunnel IP Pool
31
Chapter 3:
Global Configuration
Figure 3-9
Parameter
Description
Stunnel Enable
32
Chapter 3:
Parameter
Description
Max Clients
33
Chapter 3:
LDAP Configuration
Figure 3-10
Parameter
Description
LDAP Authentication
Enable
Stunnel IP Pool
This IP address pool specifies the number of IP addresses that are available to be assigned
to SSL VPN clients.Specify a valid IP address or a range of IP addresses, for example:
10.10.10.2 or 10.10.10.2-100. Overlapping IP address ranges are not supported. The IP
Address Pool must be on the same subnet as the VPN Concentrator. Care must be taken to
34
Chapter 3:
isolate the peer IP Address Pool from the configured Server IP address. It is important to
remember that every incoming session requires a unique IP address to be assigned from the
Stunnel IP Pool. If the numbers of addresses in the Pool are not adequate, it imposes a
limitation on the maximum number of simultaneous Stunnel connections, irrespective of
the configured 'Max Clients' parameter value. By default, this list is empty. If you have
added a new IP pool range, it will only become effective after the next restart of Stunnel.
Note:
Remove addresses from the DHCP server or servers on the LAN that will be used by the
VPN Concentrators address pool. The IP address pool must be part of the VPN LAN
subnet, and must not overlap with the pool used by the DHCP server on the same subnet.
Figure 3-11
3.2.7
Username Database
MAC Address Whitelist
MAC Address Blacklist
Active Sessions
35
Chapter 3:
To add or delete a user from the database, from the Configuration Menu, choose Stunnel
Usernames Database.
Note: The VPN user name & password are independent of any user names and passwords
set in ShoreWare Director for ShoreTel phone users.
Figure 3-12
36
Chapter 3:
To add or delete MAC addresses from the database, from the Configuration Menu, choose
Stunnel Usernames Database MAC Whitelist.
Figure 3-13
37
Chapter 3:
The maximum number of MAC Addresses that can be configured at a time in the Blacklist
database is 1000. Only valid MAC addresses are allowed. Duplicate MAC Addresses cannot
be configured. If MAC Whitelist validation is enabled, MAC Whitelist validation is done
after MAC Blacklist validation.
To add or delete MAC addresses from the database, choose Stunnel Usernames
Database MAC Blacklist.
Figure 3-14
38
Chapter 3:
Current Sessions
The Active Stunnel Session(s) page allows the administrator to view or terminate the active
STUNNEL sessions. Each Active STUNNEL session is associated with a unique Username
and MAC address as shown in the table. The timestamp and duration fields display the
time the session was established and the amount of time the session has been active.
Figure 3-15
3.2.8
39
Chapter 3:
Services Configuration.
Scroll to the bottom of the page to view the remote system logging settings.
Figure 3-16
Parameter
Description
40
Syslog filter
Set Hostname
Chapter 3:
3.2.9
3.2.9.1
3.2.9.2
Manual configuration
1. With the phone on hook, press the Mute button. The LED should not light and you
shouldn't hear any tones; if this isn't the case, lift and replace the handset.
41
Chapter 3:
2. Dial S-E-T-U-P on the keypad and then press the # key. When prompted, enter the
assigned password for the telephone followed by the # key.
3. Press the # key to skip clearing all configuration values.
4. Press the # key to cycle through the configuration values until prompted to enter the
VPN Gateway parameter.
5. Enter the following VPN related parameters in order
a. VPN Gateway. This should be the IP Address of the VPN Concentrator with
which the phone will connect. Use the digit keys to enter digits and the * key
to enter a period in the IP address (.) Press the # key to complete this entry.
b. VPN Port. [Default value = 443]. This is the port number on the VPN
concentrator that the phone will connect to. Press the # key to accept the default
value or use the digit keys to enter a different port number followed by the # key
to complete this entry.
c. VPN [Default = Off]. This setting enables/disables the VPN feature on the
phone. Press the * key to toggle the current setting if needed. Press the # key to
accept the current setting.
d. VPN User Prompt [Default = Off]. If Enabled the user will be prompted to enter
their VPN user name after a power cycle of the phone. If Disabled, the user name
is saved in non-volatile RAM and is submitted automatically after a power cycle.
This setting does not affect the phones behavior in which it will automatically
attempt to re-establish the VPN tunnel should it be disconnected while the
phone is powered on.
Press the * key to toggle the current setting if needed. Press the # key to accept
the current setting.
e. VPN Password Prompt [Default = Off]. If Enabled the user will be prompted to
enter their VPN authentication password after a power cycle of the phone. If
Disabled, the password is saved in non-volatile RAM and is submitted
automatically after a power cycle.
This setting does not affect the phones behavior in which it will automatically
attempt to re-establish the VPN tunnel should it be disconnected while the
phone is powered on.
Press the * key to toggle the current setting if needed. Press the # key to accept
the current setting.
3.2.9.3
42
Concentrators database.
Configure the phones using the preferred method of MAC address specific
configuration files. Note: since there is no user specific configuration relating to
VPNs, a master configuration may be created that is then replicated for each MAC
address as needed.
Power-up the phone on the corporate (local) network with the VPN setting to Off
(Refer to manual setting). This will cache the config file with the VPN settings in
the phone.
Chapter 3:
Set VPN to ON via the on-screen Setup menu and verify a successful VPN
connection via a public internet connection.
Phone is shipped to remote location and should automatically establish the VPN
connection when connected to the userss home or remote office network assuming
DHCP operation.
This procedure allows for a turn-key installation of remote phones with minimal
user intervention.
43
Chapter 4:
C H A P T E R
4.1
Figure 4-1
45
4.1.1
Chapter 4:
Network Information
Network information is available through both GUI and CLI. Following screenshot
displays the network information such as routing tables, link status, and interface status:
Figure 4-2
Please make sure that all links and interfaces are up and running and all interfaces have
valid IP addresses. Also make sure that the default route is pointing to the right gateway.
46
Chapter 4:
Interface information can also be obtained through the CLI by issuing the ifconfig
command.
Figure 4-3
4.1.2
Network Connectivity
Once all the physical and logical interfaces are up and running then network connectivity
can be checked by using the ping command. The "traceroute" command can also be used
to have an understanding about the path that a packet will take to reach a destination on
the internet and the delay associated with it.
Figure 4-4
47
Chapter 4:
Figure 4-5
Figure 4-6
4.1.3
48
Chapter 4:
These files can also be provided to ShoreTel support team for debugging purposes. In
addition ShoreTels remote system log server information can be entered in the Enabling
Remote System Logging so that ShoreTel support team can analyze it for debugging
purposes. If more information is required for debugging purposes then read the Packet
Capture section.
4.1.4
Packet Capture
Packet capture capability can be used to capture packets and analyze them for debugging
purposes. This capability is only available through CLI. Packets can be filtered for capture
by on the basis of host, port, interface, etc. The captured packets are stored in a file in on
RAM disk in the VPN Concentrator with the extension pcap. Packets can be captured on
eth0 (LAN port), eth1 (WAN port), and pppX (where X is a positive integer). pppX is the
interface that is associated with a remote phone.
Figure 4-7
4.1.4.1
4. Next, stop the packet capture by issuing the following command: killall tcpdump
5. FTP the captured files /etc/images/ETH1.pcap, /etc/images/PPP0.pcap, /etc/images/
ETH0.pcap to the remote FTP server so that it can be viewed by a program like Wireshark or sent to ShoreTel support team for analysis. You can also copy the files from the
system to your computer using WINscp if an external FTP server is unavailable.
49
Appendix A:
Firmware Upgrade
A.1
Firmware Upgrade
To upgrade the firmware on the VPN concentrator, complete the following steps:
1. Download the firmware files from ShoreTel Support.
a. Open a Web browser.
b. In the URL field, type: http://support.ShoreTel.com/
The ShoreTel Support Web page appears.
c. In the By Products list, select VPN Concentrator.
The Customers and Partners login page appears.
d. Enter your ShoreTel login name and password and click on the Sign
In button.
The VPN Concentrator page appears.
e. In the Download section, click the VPN Concentrator build to
which you want to upgrade.
The File Download dialog box appears.
Important:
Write down the name of the file for reference. You will need this file
name when you configure the VPN concentrator to perform the
upgrade.
f. Click Save to save the related firmware files to your local drive.
2. If the VPN Concentrators firmware is being upgraded for the first time, create the
following two directories under the root directory of an FTP server: pub/e_4600
and pub/e_5300lf2
Note:
The FTP server can be sitting on either the WAN or LAN network. The login name must be
anonymous.
1. Upload the firmware files from ShoreTel Support to their corresponding directories
on the FTP server.
Place the firmware files for the 4550 in the pub/e_4600 directory.
Place the firmware files for the 5300 in the pub/e_5300lf2 directory.
2. Download the related firmware files from the FTP server to the VPN Concentrator.
a. Complete the steps to connect to the web configuration GUI of the
4550 or 5300 as outlined in Section 1.3.1.5 and Section 1.3.2.5,
respectively.
51
Firmware Upgrade
Appendix A:
Figure A-1
52
Appendix B:
B.1
Figure B-1
DB9 Signal
DB9 to RJ45
RJ45 Signal
Pin
DTR
Pin 1 to Pin 2
RTS
TXD
Pin 2 to Pin 3
DTR
RXD
Pin 3 to Pin 6
TXD
DSR
Pin 4 to Pin 7
GND
GND
SGND
DTR
Pin 6 to Pin 2
RXD
CTS
Pin 7 to Pin 8
DSR
RTS
Pin 8 to Pin 1
CTS
53