Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot Ping IP Office from remote site over VPN using cisco PIX 501 2

Status
Not open for further replies.
nazmuli

nazmuli

Technical User
Feb 29, 2008
24
GB
Hi Experts,

i am very new to this, and trying to setup a remote avaya 5610SW IP phone to connect to Avaya SOE IP office.

Both sites have a cisco pix 501 and have been configured for a site to site VPN using IPSEC. The VPN tunnel is up and working as i am able to access resources from both sides.

However, from the remote site i cannot ping or communicate with the IP Office.
Hence the IP phone has a discover 192.168.16.10 which is the ip address of the IP office.

I have configured that Lan 1 Ip Settings on the IP office as:
ip address 0.0.0.0, netmask 0.0.0.0, gateway 192.168.16.1 which is the inside IP of the cisco pix 501.

i have also created a separate logic lan the settings are as follows:
IP address 192.168.2.0
netmask 255.255.255.0
DG 192.168.2.1 the ip address of the pix on the remote site.

please can some advise me on what i am doing wrong?

Nazmul
 
Sort by date Sort by votes
nazmuli,

I would double check the subnet and gateway settings (Default Gateway) on the IPO main unit. May as well double check on the 5610SW too.

Are you able to ping from the IP Office side to the IP of the 5610SW phone?

 
Upvote 0 Downvote
hi

"i have also created a separate logic lan the settings are as follows:
IP address 192.168.2.0
netmask 255.255.255.0
DG 192.168.2.1 the ip address of the pix on the remote site."

if this route is created in the ipoffice then this is where your problem is.

if the pix is the main gateway at 192.168.16.1 then you do not need any other route than the 1 above, 0.0.0.0/255.255.255.255/192.168.16.1.

the second route is causing a conflict. or at least it should be 192.168.2.0/255.255.255.0/192.168.16.1
 
Upvote 0 Downvote
The Taker,

You are absolutely correct.
I am now able to discover the unit and also ping it from the remote site.

However, the phone it self has a blank screen although i am able to make calls from it.

Any ideas why this could be?


 
Upvote 0 Downvote
1 - try a reboot of the phone
2 - reset the phone (HOLD reset#)and reprogram (dothis last)
3 - can the phone contact the tftp server locally or remote side?
4 -what firmwar is the ipo on and the phone?

 
Upvote 0 Downvote
I too have a PIX (506e) and have had a great deal of problems getting it to work. Some observances:

1) You created a virtual LAN. Why? This is completely not necessary. Let me show you why....

SOE --> 192.168.16.1 PIX -- VPN --> PIX 192.168.2.1 --> 5610
GW 192.168.16.1 GW 192.168.2.1

As your gateway of last resort is each of the PIXs, they will handle all the routing for you. Therefor you need to do the following:
Remove the Virt Lan
Setup DHCP on the remote PIX with the appropriate settings for the remote and add the following line:
dhcpd option 176 ascii MCIPADD=192.168.16.10,MCPORT=1719,TFTPSRVR=ipaddofmanagerPC,VLANTEST=0

Also ad (on both sides):
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719

And for the most important, add (to both sides):
sysopt noproxyarp inside (or the interface you called inside)
If you didn't remove proxy arp for the inside interfaces, the PIX will provide IT'S mac address in lieu of the phones MAC. This is a "no go" for the IP Phones.

Lastly, TheTaker is right. However, a HOLD C L E A R# may be better as this purges absolutely everything from the phone.

Give that a try... I'll bet it will work....
Drew

 
Upvote 0 Downvote
TheTaker,

1) I have reboot reboot the phone. Still not working
2) Not sure exactly how to reset the phone - could you give specific instructions.
3) how can i check if the phone can contact the tftp server?
4) How can i find out the firmware on the IP phone and IP office?


 
Upvote 0 Downvote
press hold then key in reset using keypad

to check level it will show on boot up or press hold and type view
 
Upvote 0 Downvote
I would like to thank you all for your help.
The IP phone is now displaying the correct screen and the phone is working perfectly.

the problem with the IP Phone was related to the fixup protocols

the problem with the IP route was with the logic lan.

You have all been very helpful.

Thank you all

until next time
nazmul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

phoneguy427
  • Locked
  • Question
Networked IP office ringing over amplifier 3
Replies
4
Views
608
phoneguy427
phoneguy427
newbietechman
  • Locked
  • Question
IP Office 4
Replies
8
Views
726
Westi
Westi
Mo. Abdullah
  • Locked
  • Question
IP Office : No Audio with Avaya Communicator Softphone using VPN client connection 3
Replies
8
Views
1K
Mo. Abdullah
Mo. Abdullah
TnPtech
  • Question
Avaya IP Office -IP phone issue. 2
Replies
17
Views
1K
MikeeOK
MikeeOK
bignose21
  • Question
Split up IP Office SE 2
Replies
4
Views
388
finest
finest

Part and Inventory Search

Sponsor

Back
Top