Anyconnect for VPN Phone issues

Joe Price · ‎08-14-2012

Hello,

I have an ASA setup with Anyconnect for VPN Phone. The setup works great on comcast but for some reason the phone fails on FiOS and we cannot figure out why. I typed the url the phone uses into a web browser: https://< ip address of ASA>/VPN_PHONE and I was returned a bad url of : https://< ip address of ASA>/+CSCOE+/wrong_url.html. This only happens on FiOS (we tested it on more then one location with same results.) On all comcast and verison internet services the phone works fine. Any suggestions or directions I should go in?

Also when connecting a phone at home if it sees a tftp server it immediatly tries to register and never goes into vpn mode unless the tftp address in network settings is modified to a bad address. Anyone know how to get around that?

Thanks!

Joseph Martini · ‎08-14-2012

Maybe a packet capture from the source and the ASA might shed some light on why FIOS is failing. As for the phone not establishing the VPN, the phone when using auto detect for the VPN will try and ping (ICMP) the IP address of the configured TFTP server on the phone. If it gets a response it assumes it's internal and does not start up the VPN. I would think that this should only be a problem if the TFTP IP is a common home use address like 192.168.1.1.

Joe Price · ‎08-14-2012

I'll have to look into the packet capture. As far as the tftp you are right on the money. The tftp address is usually 192.168.1.1 which is pingable so the phone constantly tries to register and you have to manually give it a bad tftp address so it goes into VPN mode.