Friday, August 2, 2019

ShoreTel: How to configure a ShoreTel IP400 series VPN phone and EGW user

Here are some step by step instructions on how to configure a ShoreTel IP 400 Series phone to use with an Edge Gateway. When setting up a VPN phone for a user I always connect the phone to the network at HQ or a remote site first so that the phone can register with the server, download any firmware and config files, ect, before configuring as a VPN phone. I know you are supposed to be able to just configure it and it should just work but I have not had much success with that working.


  1. Connect the ShoreTel phone (IP400) that the user will be using to the local phone network to make sure it gets the latest config and firmware update
  2. On the back of the ShoreTel phone write down the MAC address
  3. Log in to ShoreWare Director
  4. Go to Administration => Users => Users
  5. Find the user you would like to configure to use a Remote phone
  6. Click on the telephony tab
  7. Place a check mark next to Enable remote phone authentication
  8. Click Save
  9. Navigate to Administration => Appliance/Servers => Platform Equipment
  10. Find the Edge Gateway under the name column and click on it (The name should have a line under it making it a hyperlink)
  11. The Edge Gateway web page should open
  12. The default login is admin and ShoreTel
  13. Click Configuration from the top of the page
  14. Click on Phones from the left navigation panel
  15. Click the Allowed List link
  16. At the bottom of the page click the Add button
  17. In the MAC address box put the MAC address of the phone you are going to use
    1. i.e. 00:10:49:00:00:00
  18. In the Phone Name box enter a name ( A description, I usually enter the phone model)
  19. In the User ID box enter the Extension number of the user that will be using that phone
  20. Click apply
  21. With the phone on hook, press the MUTE button followed by 4636# (INFO#)
  22. Enter the Admin password 1234# (If asked)
  23. Press the down arrow key until you reach Diagnostic and then press Open button (Button under screen on left side)
  24. Press the down arrow key until you reach clear configuration and then press Open
  25. Press the Clear button
  26. The phone will reboot
  27. Watch the phone screen and when you see the phone ask you to press any key for set up press the # key
  28. You will be asked for a password enter 1234#
  29. Press the down arrow key until you reach the VPN and then press Open
  30. Set Use VPN to “ON” by pressing the Toggle soft key
  31. Press the down arrow to select VPN Gateway
  32. Set the VPN Gateway value to the public IP or FQDN of your Edge Gateway (By using the keypad numbers and the * key )
  33. Press the Back button (Button under the screen on the right side)
  34. Press the Apply button (Button under the screen on the right side)
  35. The phone will reboot
    1. User experience may very a little bit after this point as not all systems act the same
  36. The phone will say Connecting to VPN (sits here for a bit) 
  37. The phone will say Unable to connect to VPN (sits here for a bit)
  38. The phone will say Server certificate could not be verified press the OK button (Button under the screen on the right side)
  39. The phone will say Connecting (sits for bit)
  40. The phone will say Requesting Service (for a bit)
  41. The phone will say Available or your user info

This is a licensed based usage so make sure you have Remote Phone licenses available to use or get some if you do not. If you don't have the license you can still configure this but if you don't remove it within the 45 day trial period your ShoreTel system will be locked and you wont be able to make any changes to it. You will need to buy the licenses you are over and apply them to the system to unlock it or have ShoreTel unlock you system and this comes with a fee.