We are running CM 8.6 and have 7942s with 9.3.1 firmware. I recently started deploying about 20 of these phones to home users all over the world and I have another 50 or so to build. However, a number of users are having difficulty with the phones not even prompting to log in to the VPN. Of course everything works just fine in our test lab, but once I send the phones out we run into this problem.
The VPN profiles are set with Auto Network Detect enabled. This is supposed to allow the phone to start the VPN client when it detects it is outside the corporate network. Our corporate phone system runs on 10.10.x.x.
What I am seeing is that the phones are somehow getting the user's default gateway address in the TFTP field, like 192.168.1.1. So the phone can ping that address and then thinks it is internal when it really is not. The phone just gets in a cycle of trying to register to the default gateway.
Why are the phones doing this and how can I make them try the real address?
I am working with TAC. I have changed one of the four VPN Profiles we are using to auto detect disabled. The phones in the field however have the enabled auto detect stored on the device. So until they connect, it won't change the setting.
I have confirmed on a couple of phones that setting it to disabled and getting the phone updated does allow the VPN to work, even though TFTP prior to VPN login is still the default gateway.
I would still like to know why it is working like this and to be able to fix the problem without requiring all of these users to ship the phones back.
I got an answer from TAC and the Development Team: "when populated, the phones are using the "Next server IP address" field in the DHCP Offer as their tftp server. This is legacy behavior and the development team is considering removing this in future releases, however at the moment this is working as designed. The solution is to put the alternate tftp on the phone".
I confirmed that after putting the internal TFTP server address on the phone it presented the login screen. I was then able to connect the phone to the VPN and the phone changed the Network Auto Detect from Enabled to Disabled.
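The behaviour TAC describes can be checked from a capture of the home router's DHCP Offer. The following is an added example, not part of the original thread and not Cisco code: it reads the "Next server IP address" (siaddr) field and reports whether it is populated with an address outside the corporate range. The 10.10.0.0/16 mask, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

CORP_NET = ipaddress.ip_network("10.10.0.0/16")  # assumption: the thread's "10.10.x.x"
COOKIE = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)

def parse_offer(pkt: bytes) -> dict:
    """Pull siaddr ("Next server IP address") and the options out of a DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:         # 255 = end option
        if pkt[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"siaddr": ipaddress.ip_address(pkt[20:24]), "options": opts}

def classify_offer(pkt: bytes) -> str:
    """Return 'empty', 'internal', 'external' or 'external-gateway' for siaddr."""
    info = parse_offer(pkt)
    siaddr = info["siaddr"]
    if siaddr.packed == b"\x00\x00\x00\x00":
        return "empty"                            # field not populated
    if siaddr in CORP_NET:
        return "internal"
    router = info["options"].get(3, b"")[:4]      # option 3 = router (default gateway)
    return "external-gateway" if router == siaddr.packed else "external"

def build_offer(yiaddr: str, siaddr: str, router: str) -> bytes:
    """Constructed sample DHCPOFFER payload, for illustration only."""
    ip = lambda s: ipaddress.ip_address(s).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      ip("0.0.0.0"), ip(yiaddr), ip(siaddr), ip("0.0.0.0"),
                      bytes(16), bytes(64), bytes(128))
    return hdr + COOKIE + b"\x35\x01\x02" + b"\x03\x04" + ip(router) + b"\xff"

if __name__ == "__main__":
    home = build_offer("192.168.1.50", "192.168.1.1", "192.168.1.1")
    clean = build_offer("192.168.1.50", "0.0.0.0", "192.168.1.1")
    print(classify_offer(home), classify_offer(clean))
```

An `external-gateway` result matches the symptom in the thread: the home router has put its own address in siaddr, so the phone shows the default gateway in its TFTP field.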