02-19-2014 06:31 AM - edited 03-21-2019 08:05 AM
So I have a VPN setup on a customers UC560 that has been working just fine for close to a year. The 525 phone worked well at a remote location for 6 months and has been nothing but problems since.
I have wiped it to factory defaults, updated the firmware to 7.5.5, re-configured it via the wizard in CCA, increased the VPN DHCP pool to 10 from 3, and it tests out fine on our shop network here at work. After that it is 50/50 whether it wants to sync up and work properly off-site. The client brings it to his house where he has cable internet and a basic Linksys router and it boots up, shows the VPN icon on the top bar as connected but just sits at downloading some .xml file. Bypasses the router and same thing so it can't be a weird firewall issue.
I was under the impression that if this phone finds an internet connection it would work. Don't understand all the hit and miss whether it's going to sync up or not.
02-19-2014 01:48 PM
Hi James,
There were a number of issues with the older IOS's regarding SSLVPN. If you are not on 15.1(4)M6, then you will need to upgrade. The version of Anyconnect should be 2.5.6005 web with DART. Also check and make sure that the subnet for the VPN is not the same as any of the other subnets. I hope that helps.
Regards,
Chris
02-19-2014 06:45 PM
Thanks for the response.
I have verified we're on the latest IOS...
Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M), Version 15.1(4)M6, RELEASE SOFTWARE (fc2)
And I always use the 2.5.6005 version of Anyconnect. Not sure about the DART thing.
Thanks for reminding me about the subnet. The client is taking the phone home with him for testing and keeps reporting that the vpn connects but doesn't fully sync up with the phone system. I bet he is on the same subnet of the system. The data VLAN is 192.168.0.X which is common with home routers.
Thanks again,
Jim
02-24-2014 05:17 AM
Well I wiped the phone clean again, ran the wizard, had the client test the phone at home again with the same result. VPN icon shows as connected but it still just loops between downloading those 2 .xml files. So I assumed his home network was just the same subnet as the work 192.168.0.x so I had him send it to the "real" location and it did the same thing. Not sure what's going on but I have no issues here at work on our network testing the phone. If they aren't on the same subnet as the VPN connection what else could be the problem?
02-25-2014 10:04 AM
James,
At the remote verify these settings listed below on the 525.
1 username
2 password
3 public IP address of UC500 gateway
4 enable alternate TFTP server
5 set alternate TFTP server to be 10.1.10.2
6 disable CDP and LLDP autodetect
7 set call control to be SCCP
Regards,
Christopher
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide