Just putting it out there, I too have a customer with this same problem. We do not have a solution yet, but we are working on it. I have several SX20s on my network and have no problems with TMS. What version of TMS are you running?
As we discussed, the IP address that the TMS is communicating with is different than the one contained in the system identification. TMS is designed to do this as described in my previous post (snippet from the documentation). I don't know if there is a way to bypass this, as according to what you told me the system is indeed behind a firewall from a technical perspective, but you have a LAN Tunnel up. The IP that the TMS communicates with is however still different. Maybe someone else here knows if there is a way to bypass this.
And since you have not filled out the "Behind Firewall" address the system will get to No HTTP status after a while since the system does not know how to reach the TMS with the address the TMS feeds it (blank).
Hope this helps you a little bit at least!
You were correct. The dealer did not have anything in the 'Behind a Firewall' address in TMS, so we put in the proper IP. However, even after doing this we still had the same problem. With the help of Magnus we were able to determine that the IP that the SX20 was reporting to TMS was different from the IP in the packet header.
We discussed this discrepancy with their network guy and he determined the IP in the packet header was from their 'Threatwall' appliance. He then added the SX20 IP to the whitelist on the 'Threatwall'. As soon as he did this we were able to add the SX20 without any problems and it stayed as 'Reachable on the LAN'.
Magnus, thanks again for the help!
Setting Behind firewall as System Connectivity will make Cisco TMS communicate with the endpoint in much the same way as Reachable on Public Internet, except Cisco TMS will not be able to tell the endpoint to dial and must therefore set up a route where for example an MPS is calling to the endpoint. All communication between the system and Cisco TMS will be HTTP over port 80 or HTTPS over port 443.
Cisco TMS will automatically detect that a system is a SOHO system when the IP address the endpoint reports in status.xml is different from the IP address the HTTP packets are coming from, and the HTTP (port 80) and HTTPS (port 443) ports are closed. Cisco TMS will then set System Connectivity to Behind Firewall.
What does a Wireshark trace on TMS and the codec show you in regards to the content of the status.xml or where the packets are coming to/from?
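
The rule from the quoted documentation (address reported in status.xml versus the source address of the HTTP packets, with ports 80 and 443 closed), written out as an added example that is not part of the thread and not Cisco's code. The XML layout, the element path, the function names and the choice to probe the packet source address are assumptions made for illustration; the sample document is constructed.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET

# Constructed sample: a simplified stand-in for status.xml, not the real schema.
SAMPLE_STATUS_XML = """<Status>
  <Network><IPv4><Address>192.168.10.25</Address></IPv4></Network>
</Status>"""


def reported_address(status_xml, path="./Network/IPv4/Address"):
    """Return the address the endpoint reports about itself (path is assumed)."""
    node = ET.fromstring(status_xml).find(path)
    if node is None or not (node.text or "").strip():
        raise ValueError("no self-reported address found at " + path)
    return ipaddress.ip_address(node.text.strip())


def tcp_port_open(host, port, timeout=2.0):
    """Live TCP probe; pass a stub as port_open to run without a network."""
    try:
        with socket.create_connection((str(host), port), timeout=timeout):
            return True
    except OSError:
        return False


def check_connectivity(status_xml, packet_source_ip, port_open=tcp_port_open):
    """Documented rule: addresses differ and 80/443 are closed => Behind Firewall."""
    reported = reported_address(status_xml)
    source = ipaddress.ip_address(packet_source_ip)
    mismatch = reported != source
    # Assumption: the probe targets the packet source address, and only
    # when the two addresses differ (otherwise the rule cannot trigger).
    ports_closed = mismatch and not any(port_open(source, p) for p in (80, 443))
    return {
        "reported": str(reported),
        "source": str(source),
        "mismatch": mismatch,  # true when NAT, a proxy or an inline appliance rewrites the source
        "behind_firewall": bool(ports_closed),
    }
```

A `mismatch` of true with no NAT expected on the path is the same discrepancy the thread traced to an inline appliance rewriting the source address.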