12-18-2014 08:40 AM - edited 03-17-2019 01:22 AM
We have a number of remote sites connected with ASA5505s and even a few old PIX501s with site to site VPN. Everything works great, routing is flawless and 7940/60s always work perfectly. The “problem” is that 7945Gs won’t register remotely. If I plug in a 7940 to the same remote connection it works flawlessly. If I do a hard reset on the 7945G it will download the firmware again and then register once (and work perfectly); next time it restarts it won’t. The “clue” is that it always works on a PIX501 (even remotely), so it has to be that the 7945G is seeing the ASA5505 (via CDP) and wants to do a phone “proxy” connection with TLS or it is seeing the ASA5505 as some kind of trust point that isn’t trusted. With DHCP option 150 I’m feeding it the address of the SUB and the PUB but the phone shows the address of the ASA as an SRST server. As I can make it work by hard resetting it, it’s obvious that it can work. I just can’t make it survive a power failure. I’m sure someone must know the answer! Any help appreciated.
12-18-2014 08:42 AM
Hi
It probably defaults to using ASA as SRST as it is the default gateway?
Have you tried disabling SCCP inspection on the ASA?
Aaron
12-18-2014 08:52 AM
Yes, "no fixup skinny" is part of our standard configuration as the remote sites are just subnets on our internal network so NAT is never happening in any circumstance, no need for SCCP inspection or fixup. Sure, it's just assuming the gateway is an SRST server (even though it isn't) but maybe it sees it as a trust point that isn't trusted? I know it's something small and easy to fix. Oddly it works all the time every time with a PIX501 (I think because the 501 is invisible and somehow the ASA isn't - must be seeing it with CDP).
12-18-2014 03:02 PM
CDP is link local, so unless your phones are directly connected to the ASA they won't see it; they'll see CDP from the switch. And CDP isn't used to configure proxy or any other ASA UC function.
What message is on the screen when it fails?
What messages are in the logs on the phone?
If you have skinny fixup off at both ends (assuming you have head-end ASAs for the VPNs) and there are no clues in the message logs/screen on the phone, then it might be wireshark time. I'd capture from the phone end and the server end (utils network capture on CUCM CLI) to see what's going wrong.
Aaron