Avaya One-X Mobile implementation for Android and iPhone

Implementing Avaya’s One-X portal is pretty painless, until you want to deploy this to the Android and iPhone clients when these clients are outside of your network. The clients will also work within your local network. Here is our experience and solution. Your mileage may vary depending on the resources available to you.

In this article;
I assume you are familiar with Avaya IP Office Systems, IP Addressing, DNS and TCP/IP ports, and Port forwarding. If this is not the case, do this first. Nothing I say will make sense until you have a grasp of the basics.
Internal means the local network.
External means the Internet or anything on or beyond the public (or outside) interface of the NAT firewall
IPO means the Avaya IP Office system unit
FQDN means Fully Qualified Domain Name

If you only have one Internet connection, you can put a switch between the ISP and your router. You will have to obtain a second IP address from your ISP for the IPO. It is also possible to use a router with multiple interfaces to accomplish this.

All IP addresses and domain names are fictitious and any resemblance to anyone’s network is purely coincidental

First, the specs. We are implementing One-X version 9.0.0 with an Avaya IPO 500. Our network is behind a NAT firewall built in a Cisco 3600 series router. I will not go into the setup and installation of the One-X Server or the IPO, other than the specific issues regarding this implementation. The documentation for this is actually pretty good, except that it is somewhat vague about whether it is referring to the One-X server or the IPO. Both are called “server” in the documentation, which leads to some of the confusion I will try to clear up here.

The following diagram will help explain the setup. It is referenced throughout this article:

Avaya_One-X_Mobile_On_Wan


Notice that we are using a “Split DNS” configuration which simply means that we have DNS records for domain.com on our internal DNS server(s) as well as external DNS server(s). The Internal DNS Server has the records that point the Fully Qualified Domain Name (FQDN) of each server to the internal IP addresses and the External does the same with the external IP addresses. It is important that these names and addresses be established before doing any configuration of the IPO or the One-X Server.

In our example the following DNS records were created;
Internal DNS Server ‘A’ Records
ipo.domain.com -> 192.168.0.41
one-x.domain.com -> 192.168.0.42
External DNS Server ‘A’ Records
ipo.domain.com -> 78.24.156.41
one-x.domain.com -> 64.58.97.12


Configure your NAT Firewall:

Your firewall configuration will vary between makes and models of firewalls. I cannot, in an article like this, explain every method to create these port forwarding rules. Read your firewall documentation and follow its procedures to ensure that the following TCP ports are all forwarded to your One-X Server:
TCP 5222
TCP 5269
TCP 8080
TCP 8444
There is no need to forward any of the ports needed for the IPO since it will be using its own Internet connection.

Once our DNS records are all created properly and our NAT firewall port forwards are completed, we can use this information to get our One-X and IPO configurations completed.
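A way to confirm both prerequisites before moving on, as an added example (not part of the original article or of any Avaya tooling): it checks that each DNS view returns the addresses listed above and that the four forwarded ports answer, and it can also flag ports that answer but were never meant to be forwarded. The function names and the must_be_closed parameter are assumptions of this example; the names, addresses and ports are the article's fictitious ones.

```python
import ipaddress
import socket

# Fictitious records and forwarded ports, copied from the article.
EXPECTED = {
    "internal": {"ipo.domain.com": "192.168.0.41",
                 "one-x.domain.com": "192.168.0.42"},
    "external": {"ipo.domain.com": "78.24.156.41",
                 "one-x.domain.com": "64.58.97.12"},
}
ONEX_FORWARDED_TCP = (5222, 5269, 8080, 8444)


def check_split_dns(view, resolve=socket.gethostbyname):
    """Return a list of problems for one DNS view ('internal' or 'external')."""
    problems = []
    for name, want in EXPECTED[view].items():
        try:
            got = resolve(name)
        except OSError as exc:
            problems.append(f"{name}: lookup failed ({exc})")
            continue
        if got == want:
            continue
        # A private answer outside, or a public answer inside, means the
        # client is being served by the wrong half of the split DNS.
        wrong_view = ipaddress.ip_address(got).is_private != (view == "internal")
        note = " (answer comes from the other DNS view)" if wrong_view else ""
        problems.append(f"{name}: got {got}, expected {want}{note}")
    return problems


def probe_tcp(host, ports, timeout=2.0):
    """Return {port: bool}, True when a TCP connect to host:port succeeds."""
    state = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                state[port] = True
        except OSError:
            state[port] = False
    return state


def audit_forwards(host, expected=ONEX_FORWARDED_TCP, must_be_closed=(), timeout=2.0):
    """Return (missing, exposed): forwarded ports that do not answer, and
    ports outside the forward list (caller-supplied) that do."""
    state = probe_tcp(host, tuple(expected) + tuple(must_be_closed), timeout)
    missing = [p for p in expected if not state[p]]
    exposed = [p for p in must_be_closed if state[p]]
    return missing, exposed
```

Run check_split_dns("internal") from a LAN host and check_split_dns("external") plus audit_forwards("one-x.domain.com") from a host outside the firewall; an empty problem list and two empty port lists mean the DNS and port-forward prerequisites are in place.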

One-X Server:
The One-X installation is pretty straightforward. Follow the installation instructions given in the documentation. While the documentation tells you to populate the XMPP domain name on the server, it does not clarify if this is the One-X server or the IPO. The XMPP domain name is the name of your One-X server. In this case: one-x.domain.com. Do not use an IP address here.

Log on to the One-X portal administration and navigate to Configuration->IM/Presence Server. Then populate the XMPP domain Name with ‘one-x.domain.com’:
One-X_XMPP_Config

That’s it for the One-X Server. Now on to the confusing arena of the IPO….

IPO:
Configuring the IPO takes a bit of planning and a good understanding of IP routing. In our case, we are going to use the LAN1 interface for the internal network and the LAN2 interface for the external network. The LAN2 interface is connected to the public Internet without a firewall or NAT device. For this reason, I HIGHLY recommend that you first change the Administrator password.

Log on to your IPO and go to the System Menu, then:
Let’s configure the LAN1 Interface first:

  • Lan Settings Tab:
    • Set your IP Address and IP Mask.  In our case 192.168.0.41 255.255.255.0
    • Set the Primary Trans. IP address to your Gateway address for your network. In our case 192.168.0.1  (This is not always your gateway address, which is why it is not named as such.  Read the Avaya IPO help for a better explanation of this setting)
    • Choose a RIP Mode, this will help the IPO build its routing tables by obtaining this information from other routers. Make sure this mode matches your Internet router.

IPO_LAN1_LANTab

  • VOIP Tab:
    • Use the image below and replicate the settings
    • Ensure that SIP Remote Extn Enable is unchecked. This can only be checked on the LAN1 or LAN2 interface. Since we will be using it on LAN2, it must be disabled here.
    • Notice the domain name. This is the ipo.domain.com in our example. Again this is where the documentation gets vague.

IPO_LAN1_VOIPTab

  • Network Topology Tab:
    • Simply change the Firewall/NAT Type to Open Internet everything else should be left at defaults.

IPO_LAN1_NT_Tab

Now, LAN2:

  • LAN Setting Tab
    • Set the External IP Address of the IPO.  In our case 78.24.156.41
    • Set the IP Mask, your ISP will tell you what this is.  Ours is 255.255.255.248
    • Leave the Primary Trans. IP Address set at 0.0.0.0
    • Set the Firewall profile to <None>. You can build and apply a firewall profile to use here, but it’s not necessary as all traffic is encrypted anyway, and you did set a strong Administrator password, right? (If you do choose to build a firewall, make sure you open all of the ports listed on the VOIP Tab.)
    • Set the RIP Mode, RIP1 usually works with most ISP’s

IPO_LAN2_LAN_TAB

  • VOIP Tab
    • Just match up with the image below

IPO_LAN2_VOIP_TAB

  • Network Topology Tab
    • STUN Server Address is not important in this scenario and is ignored because of the Firewall/NAT setting. Read the IPO help to understand why.
    • Firewall/NAT Type is set to Open Internet. You did remember to reset that Administrator password, right?
    • Public IP address is the same address you gave on the LAN Settings Tab. In our case 78.24.156.41
    • Populate the UDP port with 5060
    • Populate the TCP Port with 5060
    • Populate the TLS port with 5061 – Certificate setup is not important because iPhone will not use TLS and Android simply ignores certificate errors (which is a good argument for using an Android).

IPO_LAN2_NT_TAB

Next, we configure IP Routes:

  • For this config we will need to add 2 routes under the IP Route Menu
    • The First Route is for a default Gateway.  We want this to be the WAN interface on the IPO
      • IP Address -> 0.0.0.0
      • IP Mask -> 0.0.0.0
      • Gateway IP Address -> 78.24.156.41
      • Destination -> LAN2
    • The Second Route is to tell the IPO where the local network is. (For the life of me, I cannot figure out why this is necessary, but it works)
      • IP Address -> 192.168.0.0
      • IP Mask -> 255.255.255.0
      • Gateway IP Address -> 192.168.0.41 This is the IP address of the LAN Interface, not your firewall/router!
      • Destination -> LAN1

Avaya One-X Mobile IPO Application

The Server ID is the FQDN of your One-X server. Ours is one-x.domain.com. Your user name and password are the same as configured in the IPO user menu.

Now, as long as you have all of the proper licensing, you should see the Avaya One-X Mobile Application show fully connected and ready to go!

 

 

2 Replies to “Avaya One-X Mobile implementation for Android and iPhone”

  1. Frank
    Just had an Avaya Business Partner supposedly configuring this on our system, however, it failed, so I have been looking for a “real” example of the setup. You have given a good write up which is in the most part clear.

    What is not clear is that you indicate that you need 2 physical internet connections one for IPO domain and one for ONEX domain, is this actually required, can’t you just use the 1 internet connection and have external DNS pointing to that one static IP address? I currently only have one internet connection with one static IP address at present.

    I note that you say:

    “If you only have one Internet connection, you can put a switch between the ISP and your router. You will have to obtain a second IP address from your ISP for the IPO. It is also possible to use a router with multiple interfaces to accomplish this.”

    The first 2 sentences in the quote above are slightly contradictory and I am not sure I interpret them correctly, can you explain what you mean.

    Thanks for your assistance.
    Regards
    Mark

    • Hi Mark,

      To clarify the one internet connection, I meant physical connection. Most ISPs will allocate more than one IP address to your connection if you request it. If you are using a DSL connection, your modem will need to be in bridge mode, then install a switch behind the DSL modem and then a router behind that for your network. Use another port on the switch behind the DSL modem to connect to your Avaya IP Office WAN port. Then you simply assign one of the IPs from your ISP to your router’s outside interface and a second IP to your Avaya IP Office’s WAN interface and you are all set.

      This method also works with Cable modems and Metro Ethernet.

      I hope that clears that up for you.