Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN Phone Issue

Status
Not open for further replies.
fortage

fortage

MIS
Jun 15, 2000
329
US
IP 500 4.2(4)
5621SWIP Phone
Cisco 3000 concentrator

The phone's display gets stuck at "Discover 172.18.204.10" which is the IP Office. The VPN is established but I may be missing or have an incorrect route possibly. I've added a route from the Manager server to the VPN concentrator via DHCP pool subnet " 172.18.253.0 255.255.255.0 172.18.204.3 172.18.204.202 1" and an ip route via Manager IP -172.18.253.0 Gateway 172.18.204.3 Destination LAN1. What am I missing?
 
Sort by date Sort by votes
Sounds right.. What about a PC connected to that VPN can it ping the IPO??

Kevin Wing
ACA- Implement IP Office
Carousel Industries
 
Upvote 0 Downvote
I don't see the options required. Below are the Cisco settings per the Avaya docs. They are not available via XP VPN.

P1 - IKE Pre-Shared Key 2 AES-128 SHA-1 86400 IKE-AES128-
SHA
P2 - IPSec ESP 2 AES-128 SHA-1 86400
 
Upvote 0 Downvote
u may need to enter into your VPN phone a virtual IP address - per your VPN pool...are you familiar with the screen on the telephone where you can do that?
 
Upvote 0 Downvote
u can also open up MONITOR and or MANAGER TFTP tool - to see if your phone can communicate with the voice network...
 
Upvote 0 Downvote
your phone is not getting a virutal IP address from your VPN dhcp pool...statically assign a virtual ip address to your phone (using an address from your VPN pool) - on the correct page on the telephone (next to the PROTECTED NETS) screen...)
 
Upvote 0 Downvote
The concentrator indicates the the phone does receive a virtual IP address. The Cicso client that I installed on a PC receives an IP as well.
 
Upvote 0 Downvote
Ok - Open MONITOR and check all your H.323 traffic trace options - then open MANAGER - and launch the TFTP tool - or if you are using a 3rd party like Solar Winds - then unplug your phone and plug it back in - you should see that the phone is trying to communicate with the IP Office and watch the traffic...

I know your Cisco VPN 3000 Concentrator will say that the phone is getting a virutal IP address from your VPN pool - but in reality, it isn't.
 
Upvote 0 Downvote
have you paid for your VPN phone license - with Avaya/Avaya BP???
 
Upvote 0 Downvote
Yes, I have paid for the license.

The tftp log reports
Tuesday, October 21, 2008 10:01:13 AM : Log started
Tuesday, October 21, 2008 10:02:35 AM : Received BOOTP request for 001d097b14d5, 172.18.204.196:68, unable to process
Tuesday, October 21, 2008 10:11:15 AM : Received BOOTP request for 001d097b14d5, 0.0.0.0:68, unable to process
Tuesday, October 21, 2008 10:14:20 AM : Received BOOTP request for 001d097b14d5, 172.18.204.196:68, unable to process
Tuesday, October 21, 2008 10:16:10 AM : Received BOOTP request for 0019b9578268, 0.0.0.0:68, unable to process

The only H323 events I see in the Monitor are "332279374mS H323Evt: Recv: RegistrationRequest c0a8de03; Endpoints registered: 4; Endpoints in registration: 0" and I'm not certain they refer to the particular IP phone in question.

Also after the phone establishes the VPN it gives a TFTP error "Unknown" then it hangs at Discover 172.18.204.10.
 
Upvote 0 Downvote
OK, finally got it working. The VPN config needed tweaking to pass traffic.
I noticed that VPN extensions in Manager require a hard coded IP address. How is that possible when using DHCP via the VPN device?
 
Upvote 0 Downvote
I have actually exactly the same problem and it seems you could resolve it.

But what do you mean with "The VPN config needed tweaking to pass traffic"..? Was that a special setting on the firewall?
And have you had to set a static IP for the extension in the IPO Manager? If so, which ip range have you chosen, voice, data or the virtual one from the vpn?
 
Upvote 0 Downvote
DISABLE CISCO FIXUPS :)

This nailed me for about 10 hours of troubleshooting and then I disabled the cisco fixups for h323 and others and that fixed it. Do a search for VPNRemote and I know I had a long discussion thread somewhere on this topic.
 
Upvote 0 Downvote
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719

enter those in the Cisco.

ACS - IP Office Implement
 
Upvote 0 Downvote
Do not forget the nofixup protocol tftp 69
Otherwise it will not upgrade or pull the 46xxsettings.txt file !


ACA - Implement IP Office
ACS - Implement IP Office
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

gkittelson
  • Locked
  • Question
R12 phone update issue
Replies
1
Views
428
bob10752000
bob10752000
WirSysPlus
  • Locked
  • Question
VPN hardware
Replies
0
Views
278
WirSysPlus
WirSysPlus
DiscLight
  • Question
Analog Unsupervised Disconnect issue 4
Replies
8
Views
605
Nortel4Ever
Nortel4Ever
tnestel
  • Locked
  • Question
One way audio issue
Replies
8
Views
525
derfloh
derfloh
kgoth
  • Locked
  • Question
ACO Phone Directory hatred
Replies
2
Views
404
kgoth
kgoth

Part and Inventory Search

Sponsor

Back
Top