Redundant VPN Concentrators Chapter 2:
2.2 Redundant VPN Concentrators
You can deploy multiple VPN concentrators for the purposes of redundancy and/or load
Note: Separately apply each license to enable VPN tunnels. Licenses cannot be reused.
Please refer to section 188.8.131.52 for details on making the remote IP phones aware of multiple
2.3 SSL VPN Authentication Mechanisms
The following authentication modes are supported on the VPN Concentrator:
• User name and password validation – The SSL VPN client on the remote phone is
expected to provide the username and password so that they can be matched against
the following databases:
— Local database (default) – A list of valid usernames and their associated
passwords configured for the authentication in the local database by the
— LDAP server database (optional) – This option requires an external LDAP server,
such as Microsoft Active Directory, containing the username and password
information for authentication. LDAP needs to be enabled in the VPN
Concentrator before this database can be used instead of the local database.
• MAC Address White list Validation (optional) – When enabled, a local database of
MAC addresses is used to validate the MAC address of a remote phone. The database
can be populated by the administrators using the GUI. If the MAC address of a remote
phone is not found in this database, then the SSL VPN connection request is rejected.
• MAC Address Blacklist Rejection (optional) – When enabled, a local database of
MAC addresses is used to identify the remote phones that should be denied access to
the network. The database can be populated by the administrators using the GUI. If
the MAC address of a remote phone is found in this database, then the SSL VPN
connection request is rejected.
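
The three modes above can be combined into a single admission decision. The sketch below is an added example, not code from the VPN Concentrator or its vendor; the function names, the order of the checks (MAC lists before credentials), the salted PBKDF2 storage and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import re

def normalize_mac(raw):
    """Canonicalise a MAC written with ':', '-', '.' or no separators."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def local_db_check(db):
    """Credential checker over a local database of username -> (salt, hash).
    Salted PBKDF2 storage is an assumption; an LDAP bind could replace this."""
    def check(username, password):
        salt, stored = db.get(username, (b"", b""))
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(digest, stored)
    return check

def admit(username, password, mac, check, whitelist=None, blacklist=None):
    """Return (allowed, reason). A list set to None means that mode is disabled."""
    if whitelist is not None or blacklist is not None:
        try:
            mac = normalize_mac(mac)
        except ValueError:
            return False, "malformed MAC"
        # A blacklisted MAC is rejected even if it also appears on the whitelist.
        if blacklist is not None and mac in {normalize_mac(m) for m in blacklist}:
            return False, "MAC blacklisted"
        # An enabled but empty whitelist rejects every phone.
        if whitelist is not None and mac not in {normalize_mac(m) for m in whitelist}:
            return False, "MAC not whitelisted"
    if not check(username, password):
        return False, "bad credentials"
    return True, "ok"

# Constructed sample data, not taken from any real deployment.
SALT = b"constructed-salt"
CHECK = local_db_check({
    "phone-1001": (SALT, hashlib.pbkdf2_hmac("sha256", b"example-pass", SALT, 100_000)),
})
WHITELIST = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f"]
BLACKLIST = ["00-1a-2b-3c-4d-5f"]

if __name__ == "__main__":
    for mac in ("00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f", "00:1a:2b:3c:4d:60"):
        print(mac, admit("phone-1001", "example-pass", mac, CHECK, WHITELIST, BLACKLIST))
```

Because the MAC address is a value the phone reports, treat the lists as an inventory filter and keep the credential check as the actual authentication step.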
2.4 Other Features
An understanding of the following features is helpful when configuring the device:
• IP Address Assignment – A valid pool of IP addresses from the corporate LAN's
internal (private) IP subnet will be used by the VPN Concentrator to assign IP
addresses to the VPN phones via the virtual PPP connections over the SSL VPN. An
IP address pool has to be preconfigured on the VPN Concentrator by the administrator
so that a valid IP address can be assigned to each VoIP phone connected to the VPN
• Session Timeout – An optional global timeout value for SSL VPN sessions can be
configured by the administrator. Any SSL VPN session will be terminated if it has been
active for the duration of the timeout value.
• Active Sessions – The system maintains a runtime list of all current active SSL VPN
sessions. The administrator can delete one or more active SSL VPN sessions if