Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

djuplift (IS/IT--Management) (OP)
8 Aug 08 14:03
vpn phone creates the tunnel no problem
It cannot talk to the TFTP server this times out.
then goes directly to discover and sits there.

VPN phone network is not the same as the corp network so this is not the issue.

Any ideas?

her is some sys mon action:

********** SysMonitor v6.2 (4) **********

********** contact made with 10.168.70.34 at 13:03:04 8/8/2008 **********

********** System (10.168.70.34) has been up and running for 1hr, 38mins and 14secs(5894795mS) **********

********** Warning: BINARY File Logging selected **********


********** Warning: BINARY Logging to File STOPPED on 8/8/2008 13:03:04 **********
   5894795mS PRN: Monitor Started IP=10.168.70.111 IP 500 4.2(4) West Music Main
                  (IP Office: Supports Unicode, System Locale is enu)
   5894795mS PRN: LAW=U PRI=0, BRI=0, ALOG=4, ADSL=0 VCOMP=8, MDM=0, WAN=0, MODU=0 LANM=0 CkSRC=0 VMAIL=1(VER=3 TYP=1) CALLS=0(TOT=0)
   5895021mS H323Evt:    Recv GRQ from 0aa84614
   5895021mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   5895021mS H323Evt:    found number <1340>
   5895145mS RES: Fri 8/8/2008 13:03:05 FreeMem=76326620(2) CMMsg=2 (3) Buff=200 955 1000 7454 5 Links=23238
   5895145mS RES2: RTEngine=0, CMRTEngine=0, Timer=51, Poll=0, Ready=0, CMReady=0, CMQueue=0, VPNNQueue=0
   5895915mS PRN: ConferDSP is alive
   5898795mS PRN: +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   5898795mS PRN: + loader: 1.3
   5898795mS PRN: + cpu: id 2 board c0 pld 17 type c10 options e02
   5898795mS PRN: + fpga: id 1 issue 0 build 5e
   5898795mS PRN: +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   5898796mS PRN: ++++++++++++++++++++   LIST OF MODULES   ++++++++++++++++++++
   5898796mS PRN: +------------------------------------------------------------
   5898796mS PRN: + Slot 1: Base      VCM64     Board=0x05  PLD=0x11
   5898796mS PRN: +         Mezzanine ATM4      Board=0x02  PLD=0x07
   5898796mS PRN: +------------------------------------------------------------
   5898796mS PRN: + Slot 2: Base      NONE     
   5898797mS PRN: +         Mezzanine NONE     
   5898797mS PRN: +------------------------------------------------------------
   5898797mS PRN: + Slot 3: Base      NONE     
   5898797mS PRN: +         Mezzanine NONE     
   5898797mS PRN: +------------------------------------------------------------
   5898798mS PRN: + Slot 4: Base      NONE     
   5898798mS PRN: +         Mezzanine NONE     
   5898798mS PRN: +------------------------------------------------------------
   5898798mS PRN: +++++++++++++++++   END OF LIST OF MODULES    +++++++++++++++
   5900714mS H323Evt:    Recv GRQ from 0aa84614
   5900715mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   5900715mS H323Evt:    found number <1340>
   5902145mS RES: Fri 8/8/2008 13:03:12 FreeMem=76361356(3) CMMsg=2 (3) Buff=200 955 1000 7454 5 Links=23240
   5902145mS RES2: RTEngine=0, CMRTEngine=0, Timer=49, Poll=0, Ready=0, CMReady=0, CMQueue=0, VPNNQueue=0
   5905711mS H323Evt:    Recv GRQ from 0aa84614
   5905711mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   5905711mS H323Evt:    found number <1340>
   5905824mS PRN: ConferDSP is alive
   5910711mS H323Evt:    Recv GRQ from 0aa84614
   5910712mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   5910712mS H323Evt:    found number <1340>
   5915718mS PRN: ConferDSP is alive
   5916405mS H323Evt:    Recv GRQ from 0aa84614
   5916405mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   5916406mS H323Evt:    found number <1340>

 

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

djuplift (IS/IT--Management) (OP)
8 Aug 08 14:29
I get traffic from the phone to the IP500 but not back to the phone from the IP500.. I have a route to my gateway in the configuration.

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

kwing112000 (Vendor)
8 Aug 08 14:36
I have it working on my SSG20. I did not set it up. What are you using for your TFTP server? does it have a way back out to the phone. If your SSg is not the default gateway ffor the TFTP server it may not be able to talk back to the phone. How is your route to the phone? can you ping the phone.

Kevin Wing
ACA- Implement IP Office
Carousel Industries

djuplift (IS/IT--Management) (OP)
8 Aug 08 14:44
TFTP server has the same default gateway, I cannot ping the phone, I see the gatekeeper requests coming from the phone i will post the whole thing...

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

djuplift (IS/IT--Management) (OP)
8 Aug 08 14:51
Here is the H.232 activity

8184111mS RasRx: v=IFace=LAN1, Src=10.168.70.20:49300, Dst=10.168.70.34:1719 peb=0
            RasMessage = gatekeeperRequest = {
              requestSeqNum = 2
              protocolIdentifier = 0.0.8.2250.0.2
              nonStandardData = {
                nonStandardIdentifier = object = 2.16.840.1.113778.4.2.1
                data =
                  85 01 40                                         ..@
              }
              rasAddress = ipAddress = {
                ip =
                  0a a8 46 14                                      ..F.
                port = 49300
              }
              endpointType = {
                terminal = {
                }
                mc = false
                undefinedNode = false
              }
              endpointAlias = { 1 item(s)
                [0] = dialedDigits =
                  31 33 34 30                                      1340
              }
              authenticationCapability = { 1 item(s)
                [0] = pwdSymEnc
              }
              algorithmOIDs = { 2 item(s)
                [0] = 1.3.14.3.2.6
                [1] = 2.16.840.1.114187.1.3
              }
            }
            NonStandardDataMessage = discoveryRequest = {
              natTerminal
            }
   8184111mS H323Evt:    Recv GRQ from 0aa84614
   8184111mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   8184111mS H323Evt:    found number <1340>
   8184112mS RasTx: v=Src=10.168.70.34:1719, Dst=10.168.70.20:49300 peb=0
            RasMessage = gatekeeperConfirm = {
              requestSeqNum = 2
              protocolIdentifier = 0.0.8.2250.0.5
              gatekeeperIdentifier =
                0057 0065 0073 0074 0020 004d 0075 0073  West Mus
                0069 0063 0020 004d 0061 0069 006e       ic Main
              rasAddress = ipAddress = {
                ip =
                  0a a8 46 22                                      ..F"
                port = 1719
              }
              authenticationMode = pwdSymEnc
              tokens = { 1 item(s)
                [0] = {
                  tokenOID = 0.0
                  timeStamp = 8184112
                  random = 20367
                  generalID =
                    0044 0045 0046 0049 004e 0049 0054 0059  DEFINITY
                }
              }
              algorithmOID = 1.3.14.3.2.6
              featureSet = {
                replacementFeatureSet = true
                supportedFeatures = { 1 item(s)
                  [0] = {
                    id = oid = 2.16.840.1.114187.1.10
                  }
                }
              }
            }
   8189107mS RasRx: v=IFace=LAN1, Src=10.168.70.20:49300, Dst=10.168.70.34:1719 peb=0
            RasMessage = gatekeeperRequest = {
              requestSeqNum = 2
              protocolIdentifier = 0.0.8.2250.0.2
              nonStandardData = {
                nonStandardIdentifier = object = 2.16.840.1.113778.4.2.1
                data =
                  85 01 40                                         ..@
              }
              rasAddress = ipAddress = {
                ip =
                  0a a8 46 14                                      ..F.
                port = 49300
              }
              endpointType = {
                terminal = {
                }
                mc = false
                undefinedNode = false
              }
              endpointAlias = { 1 item(s)
                [0] = dialedDigits =
                  31 33 34 30                                      1340
              }
              authenticationCapability = { 1 item(s)
                [0] = pwdSymEnc
              }
              algorithmOIDs = { 2 item(s)
                [0] = 1.3.14.3.2.6
                [1] = 2.16.840.1.114187.1.3
              }
            }
            NonStandardDataMessage = discoveryRequest = {
              natTerminal
            }
   8189108mS H323Evt:    Recv GRQ from 0aa84614
   8189108mS H323Evt:    e_H225_AliasAddress_dialedDigits alias
   8189108mS H323Evt:    found number <1340>
   8189108mS RasTx: v=Src=10.168.70.34:1719, Dst=10.168.70.20:49300 peb=0
            RasMessage = gatekeeperConfirm = {
              requestSeqNum = 2
              protocolIdentifier = 0.0.8.2250.0.5
              gatekeeperIdentifier =
                0057 0065 0073 0074 0020 004d 0075 0073  West Mus
                0069 0063 0020 004d 0061 0069 006e       ic Main
              rasAddress = ipAddress = {
                ip =
                  0a a8 46 22                                      ..F"
                port = 1719
              }
              authenticationMode = pwdSymEnc
              tokens = { 1 item(s)
                [0] = {
                  tokenOID = 0.0
                  timeStamp = 8189108
                  random = 6819
                  generalID =
                    0044 0045 0046 0049 004e 0049 0054 0059  DEFINITY
                }
              }
              algorithmOID = 1.3.14.3.2.6
              featureSet = {
                replacementFeatureSet = true
                supportedFeatures = { 1 item(s)
                  [0] = {
                    id = oid = 2.16.840.1.114187.1.10
                  }
                }
              }
            }


HERE is my Routing table
8191143mS IP Routing Table - section 1
            Destination      Netmask          Gateway          Interface                         Metric Type
            255.255.255.255  255.255.255.255  10.168.70.34     LAN1                               1     I
            224.0.0.0        240.0.0.0        10.168.70.34     LAN1                               1     I
            255.255.255.255  255.255.255.255  192.168.43.1     LAN2                               1     I
            224.0.0.0        240.0.0.0        192.168.43.1     LAN2                               1     I
            10.168.70.0      255.255.255.0    10.168.70.34     LAN1                               1     I
            192.168.43.0     255.255.255.0    192.168.43.1     LAN2                               1     I
            192.168.99.0     255.255.255.0    0.0.0.0          RemoteManager                      1     S
            0.0.0.0          0.0.0.0          10.168.70.245    LAN1                               1     S

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

kwing112000 (Vendor)
8 Aug 08 18:00
is your phone pulling a 10.168.70.x address? is that the same range as the IPO?? It looks like it. If your phone is VPN'd in then you should have a different set of addresses for the outside pool.

Kevin Wing
ACA- Implement IP Office
Carousel Industries

djuplift (IS/IT--Management) (OP)
9 Aug 08 14:44
So your saying the outside pool should be a different subnet?
Such as 10.168.71.X ?

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

kwing112000 (Vendor)
9 Aug 08 15:24
Yes i have always been told it has to be a differnt subnet. that way the IPO knows to send traffic to the firewall and then the firewall forwards to the VPN device. if it was on the same subnet the IPO is going to try to talk directly to it. At least that is my theory. i have never seen one work where they were on the same subnet as the IPO. I actuly have not seen a VPN ever set up that way either. Try changing the pool and then see.

Kevin Wing
ACA- Implement IP Office
Carousel Industries

tanderson3733 (IS/IT--Management)
9 Aug 08 18:05
http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/ipo-jun-ssg5.pdf

It should be a different subnet, created on the Juniper "Objects->IP Pools". The Juniper uses it's own routing to forward traffic from the VPN subnet to the voice subnet. The IP Office must have the Juniper set as it's default route, or if not then the destination for the VPN subnet's route.
djuplift (IS/IT--Management) (OP)
9 Aug 08 19:21
We used that pdf, however i did not configure the juniper i did the phone and the IPO. I will take a look at the juniper config Monday and get the address pool reconfigured and then get back to you.

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

djuplift (IS/IT--Management) (OP)
11 Aug 08 10:38
The ip address pool was the issue we got it working thx guys..

ACA - Implement IP Office
ACS - Implement IP Office
Convergence+  

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close