Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
822
Views
0
Helpful
8
Replies

CUPS 7.0 and VPN... is there anyway to get it to work?

Tommer Catlin
VIP Alumni
VIP Alumni

‎10-01-2009 07:39 AM - edited ‎03-18-2019 11:46 PM

Mine is sporatic, it's driving me nuts. Sometimes I login and I get the correct presence of myself. I can change from DND to away, etc, idle works, etc. Somewhere in the night, it started to work on its own. I played around with it this morning and it was working. (could not see other status though.) I logged out and logged back in, now it's offline.

ASA is believe is 8.04 SSL vpn. I tried with IPSEC also and not much luck either.

Labels:
0 Helpful
8 Replies 8

htluo
Level 9
Level 9

‎10-01-2009 09:42 AM

Whether it's a CUPS/CUPC issue or a VPN issue is always a debatable topic.

Technically, it's a network issue. But the arguing point is "why other applications work fine except CUPC?"

This is due to the "call-back" in SIP.

For most of other application, the client (your laptop) initiate the connection to server. Server returns traffic to the source port. Most of the firewall/VPN was designed to cater this kind of traffic pattern.

For CUPC, the client tells the server what port the client is listening. Whenever there's an update, the server initiate the connection to the "call-back" port. Most of firewall/VPN will block this kind of traffic because it's considered "intrusion" to the client.

WAN optimizer (WAAS) would also add complexity to the picture. The symptom is TCP handshake failed.

Michael

http://htluo.blogspot.com

0 Helpful

Steven Griffin
Level 4
Level 4

‎10-02-2009 01:27 PM

By default CUPS uses a UDP based SIP Proxy. SIP over UDP tends to get clobbered by firewalls. Change the proxy to use TCP based signaling instead, under the Personal Communicator section, and see if that doesn't make your CUPC client behave better.

Please help us make the communities better. Rate helpful posts!
0 Helpful

Tommer Catlin
VIP Alumni
VIP Alumni
In response to Steven Griffin

‎10-02-2009 01:31 PM

The default is TCP. in the SIP proxy I changed from UDP to TCP also, but no change.

0 Helpful

Steven Griffin
Level 4
Level 4
In response to Tommer Catlin

‎10-05-2009 09:23 AM

When I troubleshoot Cisco Presence I generally start at the same switch the server is connected to and verify functionality. Then I go downstream to the next switch and so on until it breaks. From there you can figure out what the switch/router/firewall/VPN is doing to Presence.

Please help us make the communities better. Rate helpful posts!
0 Helpful

nwkotze
Level 1
Level 1

‎10-05-2009 09:12 AM

If you look at the Server Health in CUP Client, you will see the Client unable to connect to presence. If so edit the host files of the OS and include the fully qualified domain name of The CUP Server.

Also make sure DNS is configured properly Inc DHCPLease the VPN Client get, CUCM, CUPS etc... It's all DNS!! Also best to upgrade to the latest CUPS update! Nico

0 Helpful

arlincurtis
Level 1
Level 1

‎10-05-2009 09:33 PM

I had the same issue. Telling the ASA not to inspect SIP traffic under my global_policy solved it. Just depends if you want to do that or not..

0 Helpful

Tommer Catlin
VIP Alumni
VIP Alumni
In response to arlincurtis

‎10-06-2009 07:06 AM

yeah, we turned that off also but it still bounces the presence status up and down. thanks!

0 Helpful

arlincurtis
Level 1
Level 1
In response to Tommer Catlin

‎10-07-2009 04:00 PM

Sounds similar to this bug

CSCsx73329

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents