Meraki

Community

Creating a VPN For Alcatel VOIP Handsets

Solved
Gux
Here to help
‎Jul 8 2025 8:15 AM
‎Jul 8 2025 8:15 AM

Creating a VPN For Alcatel VOIP Handsets

I’m looking to set up a VPN back to the Meraki Firewall, where our Alcatel PBX (Phone System) is connected to. This is for Alcatel VoIP handsets and would appreciate any guidance or documentation you can share. The handsets are very basic and will be connected from home networks, so no static IP. Is there a way to create a VPN like this with the Meraki MX-67? 

Thanks in advance for your help.

0 Kudos
1 Accepted Solution
In response to Gux
Mloraditch
Kind of a big deal
Kind of a big deal
‎Jul 28 2025 6:48 AM
‎Jul 28 2025 6:48 AM

Meraki Client VPN is L2TP. I don't believe aggressive mode is supported, as to force encapsulation, I do not know. I'm guessing not as it's not used for regular clients.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

13 Replies 13
Blue_Bird
Getting noticed
‎Jul 8 2025 8:24 AM
‎Jul 8 2025 8:24 AM

Check this:

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peers

0 Kudos
Mloraditch
Kind of a big deal
Kind of a big deal
‎Jul 8 2025 8:26 AM
‎Jul 8 2025 8:26 AM

Here is how to setup client VPN: https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview



Do alcatel phones support doing a VPN directly from the phone? If not or if they don't support the options that Meraki supports, you will need a device to do it, I would suggest a Z3 : https://meraki.cisco.com/product-collateral/z-series-datasheet/?file

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
Gux
Here to help
‎Jul 8 2025 8:40 AM
‎Jul 8 2025 8:40 AM

Hello, 

You are able to do a VPN directly from the handsets. We did have them working on a different solution, where you enter the Public IP of the office, username/simple password and then PSK. This was then able to establish a connection back. 

In response to Gux
Mloraditch
Kind of a big deal
Kind of a big deal
‎Jul 8 2025 8:44 AM
‎Jul 8 2025 8:44 AM

In theory Meraki client vpn will allow that to work. As long as Alcatel supports the same cryptography settings Meraki does.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
Gux
Here to help
‎Jul 13 2025 1:09 PM
‎Jul 13 2025 1:09 PM

In theory it should, but I'm not sure you can create a "username" without the need of an email? Are we able to do this? 

0 Kudos
In response to Gux
Mloraditch
Kind of a big deal
Kind of a big deal
‎Jul 13 2025 3:10 PM
‎Jul 13 2025 3:10 PM

No, but couldn't you create a single email account and have all the phones use the same one? You could also create a distribution group and just add aliases to it if you want separate logins. There is no requirement that it actually be separate email accounts.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
Gux
Here to help
‎Jul 14 2025 12:10 AM
‎Jul 14 2025 12:10 AM

The issue is, I cannot enter email addresses on the Alcatel Handsets. For Reference this is what is currently entered on the handsets, I cannot see a way to do this with meraki, without purchasing any other equipment. 

 External IP address: (PUBLIC IP)
 PSK details: PSK Password
 VPN Authentication username & password details
 Username: 209
 Password: Password for User 

0 Kudos
In response to Gux
Mloraditch
Kind of a big deal
Kind of a big deal
‎Jul 14 2025 6:46 AM
‎Jul 14 2025 6:46 AM

If alcatel doesn't support typing the AT symbol for usernames or other punctuation then you could setup RADIUS authentication for the VPN. You can use other styles of usernames with that.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
Gux
Here to help
‎Jul 28 2025 5:47 AM
‎Jul 28 2025 5:47 AM

Hello Mloraditch,

 

Thank you for your support on this. I have been able to obtain a handset which allows me to enter the "@" symbol. 

 

However, I am still unable to establish a connection. This does work on my PC, from the same network. Can you advise if Meraki uses IKEV1/2 and if aggressive mode or force encapsulation needs to be enabled. 

0 Kudos
In response to Gux
Mloraditch
Kind of a big deal
Kind of a big deal
‎Jul 28 2025 6:48 AM
‎Jul 28 2025 6:48 AM

Meraki Client VPN is L2TP. I don't believe aggressive mode is supported, as to force encapsulation, I do not know. I'm guessing not as it's not used for regular clients.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
Gux
Here to help
‎Jul 29 2025 5:03 AM
‎Jul 29 2025 5:03 AM

Ah okay, I was under the impression that Meraki uses IPSEC VPN and was trying to provision the Alcatel Handsets which use IPSEC and IKEV1/2

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 8 2025 8:28 AM
‎Jul 8 2025 8:28 AM

In this case, you would have to configure a tunnel between the ISP's modem and the MX, and since it is a home network, I don't believe that all ISPs will allow you to configure this.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peers

 

Another option would be to create an inbound NAT on the MX for your Alcatel's IP, but I personally think this is insecure, since you would have to open it to any source since you are using dynamic IPs.

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

 

The best way I see is if you could make an MX available for each location and then work with Meraki's Auto VPN.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 8 2025 3:37 PM
‎Jul 8 2025 3:37 PM

The easiest option is to deploy Merai Z4 teleworkers.  They plug into the back of the user's home Internet router and will automatically build a VPN tunnel back to the MX.

 

Additionally, they also feature a PoE port, which can be used to power a phone.

https://documentation.meraki.com/MX/MX_Overviews_and_Specifications/Z4_Datasheet

 

Because I like reliable systems I don't have to touch - I would definately be doing this.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.