Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
0
Replies

Cisco 8851 phones registering through Checkpoint firewall

rhugo
Level 3
Level 3

‎04-08-2015 02:45 PM - edited ‎03-17-2019 02:36 AM

We have a customer with a secured network, using Checkpoint firewalls and have a VPN site-to-site tunnel between our Cisco ASA and their Checkpoint firewall, with Cisco phones on the far side of the tunnel and CallManager 8.6 behind the ASAs.  We have all the proper network ports referenced, but cannot get either a new Cisco 8851 (SIP) or a Cisco 7942 phone to register.  The 8851 phone, when it tries to register, uses the 6970 port for distributed TFTP via HTTP first (by design), followed by TFTP/69.  The 7900 phone never generates TFTP on port 69 at all.  What is also strange is that the source port 5060 on the 8851 phone seems to be masked with an upper ephemeral network port (51566) when the request traverses the network, regardless of it passing through the firewall or a router.  I know that TFTP uses UDP, but there is nothing in the docs that state it uses these upper port ranges?

Is this behavior normal for a Cisco SIP-based phone, and with the Skinny phone, is there something with Checkpoint firewalls that causes issues with Cisco VOIP phones.  I have done key-word searches on the Forum for this issue, but have not found anything significant.  I have also looked at the Nokia support forum, and saw some briefs, but it didn't directly describe our issue.  Any help would b e greatly appreciated.

Thanks,

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents