This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM, RED and Mitel Phones

Currently have a Sophos UTM and Cisco Catalyst switches in the main office. Computers run on default VLAN and receive DHCP address from Windows Server. Phones run on VLAN 10, and recieve DHCP address from the Phone system server. Adding a RED 50 device in a remote office, also attached to Cisco Catalyst switch. The computers there also run on default VLAN, and DHCP address is from the UTM. RED is connecting and tunnel established, computers can talk to everything in home office and remote office just fine. However, phones will not connect. From a computer, I can ping the phone server, and log into it's GUI interface. If found this article, https://community.sophos.com/kb/en-us/132608 and followed the instructions in it .However, when I make the LAN port mode VLAN, I lose all connectivity, both into and out of the remote office. Computers in the remote office no longer pull a DHCP address and phones still can't talk. In the LAN1 VID(s) field I put 1,10 (no spaces). 

One thing I notice, when set up the bridge, it says the converted hardware is the RED device, not eth2 as shown in this example in the doc. I cannot figure out how to change the converted device. I did not add a DHCP entry on the UTM for VLAN 10, since the phone server is the DHCP server for the phones.

Also, does the physical eth2 port on the UTM need to be connected? And if so, to what?

Thanks in advance for any help.



This thread was automatically locked due to age.
Parents
  • Hi Brett and welcome to the UTM Community!

    What do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I am not sure which specific logs are applicable here. The only thing I can find is in the Firewall log ,I see the communication being PERMITTED by my firewall rule. But the connection is never made. (Trying to connect from home office to a device in the remote office). There is nothing in Intrusion Detection or Application Control logs that is applicable.

  • I'm not sure others (including me) are following your explanation of what you have configured.  Please show a picture of the Edit of the RED server and of the Interface defined for it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I got this working. The main problem was i was trying to make the IP address of the RED box one of the addresses inside the VLAN 1 range of IPs. I moved the RED box outside of this range and now everything is working, VLAN tags are coming through and computers and phones are all working.

  • Brett, I don't understand how to warn others to not make the same mistake.  Could you clarify what you mean by "make the IP address of the RED box one of the addresses inside the VLAN 1 range of IPs?"  A stick diagram maybe?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Brett, I don't understand how to warn others to not make the same mistake.  Could you clarify what you mean by "make the IP address of the RED box one of the addresses inside the VLAN 1 range of IPs?"  A stick diagram maybe?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Originally I had the IP address of the RED box as 192.168.2.1 and then DHCP entry for VLAN 1 for 192.168.2.100-192.168.2.200. This seems to have caused an issue, I changed the DHCP for VLAN 1 to 192.168.11.100-192.168.11.200 and now it works. The RED IP address is still 192.168.2.1.