Cisco Phone not getting Registered through Fortigate IPSec VPN tunnel

FayasSalam95
Level 1

Dear Team,

I have a FortiGate IPsec VPN tunnel. I am connecting a Cisco phone on the other side of the CUCM and TFTP servers.

I can ping the CUCM server as well as the TFTP server through the tunnel.

Also, I am able to resolve the hostnames through the DNS servers through the tunnel.

But the phone is not getting registered.

The phone is getting an IP and the traffic is going to the TFTP Server successfully through the allowed policy.

The phone is showing a DNS timeout, whereas I could ping the DNS server.

Could someone give me a hint of what is going on?

3 Replies

b.winter
VIP

Maybe DNS traffic is blocked. Just because you can ping the DNS server doesn't mean DNS traffic is allowed too.

I suggest you check the FW logs to see if anything related to the phone's traffic is getting blocked (maybe something else is blocked too).

Actually, I have checked the firewall policy. But the VPN to LAN interface is allowing all services right now.

Nuno Melo
Level 4

Since this is an IPsec tunnel, I suggest you do a Wireshark capture of the registration messages coming from the phone.

You might have some packets with the DF bit on, and taking into account that the IPsec tunnel adds overhead to the MTU, you might need to adjust the MTU on CUCM to be lower than the default 1500.
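
One way to run the DF-bit check suggested in the last reply over a saved capture, as an added example that is not part of the original thread: it reads a classic Ethernet pcap and lists IPv4 packets that have DF set and are larger than the tunnel can carry. The 1400-byte `ASSUMED_TUNNEL_MTU`, the function names and the sample addresses are assumptions made for illustration; the real tunnel MTU depends on the IPsec settings in use.

```python
import socket
import struct

ASSUMED_TUNNEL_MTU = 1400  # assumption: replace with the MTU measured for your tunnel

def df_oversize(pcap, tunnel_mtu=ASSUMED_TUNNEL_MTU):
    """List (src, dst, ip_total_len) for IPv4 packets with DF set that exceed tunnel_mtu."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not plain IPv4 (VLAN tags not handled)
        total_len, _ident, flags_frag = struct.unpack("!HHH", frame[16:22])
        if flags_frag & 0x4000 and total_len > tunnel_mtu:  # 0x4000 = DF bit
            hits.append((socket.inet_ntoa(frame[26:30]),
                         socket.inet_ntoa(frame[30:34]), total_len))
    return hits

def _frame(src, dst, total_len, df):
    """Constructed sample frame: Ethernet + IPv4 header only, as in a snaplen-limited capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000 if df else 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), 1514) + f
    return out

# Constructed capture: 198.51.100.5 stands in for CUCM, 192.0.2.10 for the phone.
SAMPLE = _pcap([
    _frame("198.51.100.5", "192.0.2.10", 1500, True),   # full-size, DF set
    _frame("192.0.2.10", "198.51.100.5", 576, True),    # small, DF set
    _frame("198.51.100.5", "192.0.2.10", 1500, False),  # full-size, may fragment
])

if __name__ == "__main__":
    for src, dst, size in df_oversize(SAMPLE):
        print(f"{src} -> {dst}: {size} bytes with DF set exceeds assumed tunnel MTU")
```

Packets the function lists are the ones that cannot be fragmented to fit the tunnel, so they are the candidates to compare against the firewall logs and the phone's registration failures.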