05-17-2022 07:13 AM
Dear Team,
I have a FortiGate IPsec VPN tunnel. I am connecting a Cisco phone on the other side of the CUCM and TFTP servers.
I can ping the CUCM server as well as the TFTP server through the tunnel.
Also, I am able to resolve the hostnames through the DNS servers through the tunnel.
But the phone is not getting registered.
The phone is getting an IP, and the traffic is going to the TFTP server successfully through the allowed policy.
The phone is showing a DNS timeout, whereas I could ping the DNS server.
Could someone give me a hint of what is going on?
05-17-2022 07:23 AM
Maybe DNS traffic is blocked. Just because you can ping the DNS server doesn't mean DNS traffic is allowed too.
I suggest you check the FW logs to see if anything related to the phone's traffic is getting blocked (maybe something else is blocked too).
05-22-2022 11:41 AM
Actually, I have checked the firewall policy. But the VPN-to-LAN interface is allowing all services right now.
05-30-2022 04:57 AM
Since this is an IPsec tunnel, I suggest you do a Wireshark capture of the registration messages coming from the phone.
You might have some packets with the DF bit on, and taking into account that the IPsec tunnel adds overhead to the MTU, you might need to adjust the MTU on CUCM to be lower than the default 1500.
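To put a number on "lower than the default 1500", the helper below models ESP tunnel-mode overhead (outer IP header, SPI/sequence, IV, padding to the cipher block size, pad-length/next-header trailer, ICV, and optionally the NAT-T UDP header) and searches for the largest inner packet that still fits the outer MTU without fragmentation. It is an added example for this thread, not code from any of the posters or from Cisco/Fortinet; the two cipher profiles are assumptions about the tunnel (AES-CBC with HMAC-SHA1-96, and AES-GCM), so substitute the values of your own phase 2 proposal.

```python
"""Estimate the largest inner (pre-encapsulation) IPv4 packet that fits an
IPsec ESP tunnel-mode link without fragmentation.

Added example; assumptions are marked.  Overhead model (RFC 4303 framing):
  outer IPv4 header 20 | [NAT-T UDP 8] | SPI+SEQ 8 | IV | inner packet
  + padding + (pad len, next header) 2 | ICV
The inner packet plus the 2-byte trailer is padded up to the cipher block size.
"""
from dataclasses import dataclass

OUTER_IPV4 = 20
NAT_T_UDP = 8
ESP_HEADER = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1)

@dataclass(frozen=True)
class EspParams:
    iv_len: int      # IV bytes carried in the packet
    block: int       # alignment the padded payload must satisfy
    icv_len: int     # integrity check value bytes
    nat_t: bool = False

# Assumed profiles (not taken from the thread):
AES_CBC_SHA1 = EspParams(iv_len=16, block=16, icv_len=12)   # HMAC-SHA1-96
AES_GCM_128  = EspParams(iv_len=8,  block=4,  icv_len=16)   # 4-byte ESP alignment

def esp_packet_len(inner_len, p):
    """Bytes on the wire for an inner packet of `inner_len` bytes."""
    body = inner_len + ESP_TRAILER
    padded = -(-body // p.block) * p.block         # round up to block size
    return (OUTER_IPV4 + (NAT_T_UDP if p.nat_t else 0)
            + ESP_HEADER + p.iv_len + padded + p.icv_len)

def max_inner_mtu(outer_mtu, p):
    """Largest inner packet whose encapsulated size does not exceed `outer_mtu`."""
    inner = outer_mtu
    while esp_packet_len(inner, p) > outer_mtu:
        inner -= 1
    return inner

def report(outer_mtu=1500):
    """Inner MTU per assumed profile; a DF packet larger than this is dropped."""
    profiles = {
        "AES-CBC/SHA1": AES_CBC_SHA1,
        "AES-CBC/SHA1 + NAT-T": EspParams(16, 16, 12, nat_t=True),
        "AES-GCM-128": AES_GCM_128,
    }
    return {name: max_inner_mtu(outer_mtu, prm) for name, prm in profiles.items()}

if __name__ == "__main__":
    for name, mtu in report().items():
        print(f"{name:24s} inner MTU <= {mtu}")
```

The search counts down from the outer MTU rather than subtracting a fixed constant because the padding term makes the overhead depend on the inner length itself; a lookup table would silently be off by up to one block. Whatever value the model gives, the Wireshark capture suggested above is the confirmation: a registration packet with DF set and a length above this figure, with an ICMP "fragmentation needed" reply or no reply at all, is the symptom to look for.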