Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
2
Helpful
20
Replies

Cannot Upload files between Vlan +ASA Firewall

Go to solution
Manojy
Level 1
Level 1

‎12-20-2023 03:36 AM

Hello,

We have set up separate VLANs for phones and data, with the phone VLAN2 and Data on a native VLAN. I am able to access the phones and UCM IPPBX GUI from the native VLAN, which is on my 192.168.0.0 subnet, to the voice VLAN, which is on the 192.168.70.0 subnet.

Before separating the VLANs, I was able to upload firmware on our IP phones, but after isolating the voice VLAN, I am unable to do so. We have an ASA firewall with two interfaces, one on the 192.168.0.0 and the second one for voice on the 192.168.70.0 subnet. The security levels are the same, and I am able to ping and access the GUI of phones and IPPBX.

Are there any extra commands that I need to add to enable traffic from one subnet to another for uploading the firmware?

Snapshot of the Phone and uploading path attached.

Please assist and advise.

Labels:
Preview file
123 KB
20 Replies 20

Go to solution
paul driver
VIP
VIP

‎12-21-2023 02:16 AM

Hello
I dont see anything from that PT negating access on the FW , The only thing I can think of is both local http server and client need to be in the same LAN ( a bespoke requirement for this type of process) hence why it worked before you created the additional LAN and relocated the phones.

I would suggest check the manufacturer guidelines for local firmware upgrades



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Manojy
Level 1
Level 1
In response to paul driver

‎12-21-2023 02:31 AM

Hello,

Yes before separating the LAN it was connected to the same switch and native VLAN by default but the IP of the interface remained separate and the uploading of firmware worked without issues. After isolating the network keeping data on native vlan and voice vlan2, i am not able to upload and apply firmware through GUI anymore.

The firmware can be done through network using TFTP and i have not used it.

I will ask the manufacturer guidelines.

Regards

Manoj

Go to solution
MHM Cisco World
VIP
VIP
In response to Manojy

‎12-21-2023 02:36 AM

As I mention for previous your post, 
I need to see the topology 
MHM

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Manojy

‎12-21-2023 03:27 AM

Hello @Manojy 
I have since managed to check for you, it does indeed suggest local upgrade needs to be LAN specific  - please se below.. page 5 ( also a screen snippet attached)

https://www.grandstream.com/hubfs/Product_Documentation/Firmware_Upgrade_Guide.pdf


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Preview file
57 KB
0 Helpful

Go to solution
Manojy
Level 1
Level 1
In response to paul driver

‎12-21-2023 04:27 AM

Hello Paul,

Thankyou for your time and assistance.Highly Appreciated.

My question remains the same if i can browse the GUI of phone and i get the file path from my inside subnet where the phone can see the folder but it cannot upload and my asa has no restriction in such situation what will be the solution ?

I was looking if without hooking out the phone just browse and upload the firmware.

Brainstorming.

Thanks in advance.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎12-21-2023 07:06 AM

Hello
as a work around you could put the pc that’s the http server in the same vlan as the ip phones  


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card