VPN Configuration (Optional)
VPN is required if the connection to OVOC (or between the UMP and the SBCs) is over the public network. The VPN is used to connect the On-Premises UMP and SBC to the central OVOC service.
VPN Configuration
Phase | Attribute | Customer | AudioCodes | |
---|---|---|---|---|
Phase 1: ISAKMP – Main Mode | Peer IP Address | - | - | |
 | SA Timeout (seconds) | 1440 | 1440 | |
 | Hash Algorithm | SHA1 | SHA1 | |
 | Encryption Algorithm | AES-256 | AES-256 | |
 | Diffie-Hellman (DH) Group | Group 2 (1024) | Group 2 (1024) | |
 | Pre-shared Key | Shared via Phone/Email | | |
Phase 2: IPSec – Quick Mode | SA Timeout (seconds) | 3600 | 3600 | - |
 | Hash Algorithm | SHA1 | SHA1 | - |
 | Encryption Algorithm | AES-256 | AES-256 | - |
 | PFS DH Group | Group 2 (1024) | Group 2 (1024) | - |
 | Encrypted Hosts/Subnets | TBD | TBD | - |
● Authentication Header (AH) is not supported.
● Aggressive Mode is not supported.
● If a PAT or hide NAT is used on either side of the tunnel, the VPN will require special configuration.
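A gateway configuration can be checked against the Phase 1 and Phase 2 values in the table before the tunnel is brought up. The following is an added example, not AudioCodes code: it assumes the customer gateway runs strongSwan with an `ipsec.conf`-style configuration, and the connection name `ovoc-tunnel`, the keyword mapping and the sample configuration are constructed for illustration.

```python
# Added example: lint one strongSwan ipsec.conf conn against the table's profile.
REQUIRED = {                          # strongSwan keyword -> agreed value
    "keyexchange": "ikev1",           # ISAKMP Main Mode / IPSec Quick Mode
    "aggressive": "no",               # Aggressive Mode is not supported
    "authby": "secret",               # pre-shared key
    "ike": "aes256-sha1-modp1024!",   # Phase 1: AES-256, SHA1, DH Group 2
    "ikelifetime": "1440s",           # Phase 1 SA timeout
    "esp": "aes256-sha1-modp1024!",   # Phase 2: AES-256, SHA1, PFS Group 2
    "lifetime": "3600s",              # Phase 2 SA timeout
}
DEFAULTS = {"aggressive": "no"}       # value strongSwan assumes if key is absent

def parse_conn(text, name):
    """Return the key=value settings of the 'conn <name>' section."""
    settings, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line:
            continue
        if not line[0].isspace():                  # unindented line = new section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def lint(text, name):
    """List deviations from the agreed profile; an empty list means a match."""
    conf = parse_conn(text, name)
    problems = []
    for key, want in REQUIRED.items():
        got = conf.get(key, DEFAULTS.get(key))
        if got != want:
            problems.append(f"{key}: expected {want}, found {got}")
    if "ah" in conf:                               # AH is not supported
        problems.append("ah: AH proposals are not supported on this tunnel")
    return problems

# Constructed sample: Aggressive Mode is on and Phase 2 omits the PFS group.
SAMPLE = """\
conn ovoc-tunnel
    keyexchange=ikev1
    aggressive=yes
    authby=secret
    ike=aes256-sha1-modp1024!
    ikelifetime=1440s
    esp=aes256-sha1!        # no modp1024, so no PFS
    lifetime=3600s
"""
```

Calling `lint(SAMPLE, "ovoc-tunnel")` reports the two deviations in the constructed sample; the comparison is an exact string match, so a proposal written without the strict `!` flag is also reported.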
The VPN tunnel ports should allow traffic for the following protocols/ports.
VPN Tunnel Ports
Transport/Port/Protocol | AudioCodes > Customer | Customer > AudioCodes |
---|---|---|
TCP 22 (SSH) | √ | - |
UDP 162 (SNMP) | | √ |
UDP 161 (SNMP) | √ | |
TCP 443 (HTTPS) | √ | - |
TCP 3389 (RDP) | √ | - |
TCP 636 (LDAPs) | - | - |
The following ports are required if managed devices are monitored using central OVOC (AudioCodes Datacenter) | | |
UDP 1161 (SNMP) | Bi-directional | |
The VPN tunnel ports above are only an example and can vary between customer topologies. The table should include all the required protocols and ports, according to the networking topology.