05-11-2011 12:35 PM - edited 03-21-2019 04:04 AM
Hello, I have a user with a remote SPA525G2, VPN connected to a UC540.
The user is experiencing the phone "locking up". The buttons do not respond.
The screen appears normal with the user extension but there is no dial tone when the handset or speaker button is raised or pressed.
Has anyone seen this before? If so, what was done to check or resolve this issue?
Thank you, Paul
05-11-2011 04:14 PM
Hi Paul,
How's the Internet link at the remote site?
Have you checked/debugged the VPN link?
What phone load are you using?
Is it a EZ_VPN or an SSL setup?
Cheers,
David.
05-12-2011 11:05 AM
David:
How's the Internet link at the remote site?
The internet in cable modem (3Mbps down/ 1Mbps up). SA520 creating the L2L VPN. SPA525G2 IP phone (nothing plugged into data port).
Have you checked/debugged the VPN link?
Yes, Level 2 Engineers have done so. If you can see the notes in SR 617573629, do so. There should be what you need here.
What phone load are you using?
Phone load is currently 7.4.6
Is it a EZ_VPN or an SSL setup?
As mentioned above a Lan to Lan VPN between the SA520 and the UC540 was created. We were experiencing extreme packet loss with the SSL-VPN created by the SPA525G2.
Config attached. Thank you.
05-12-2011 03:10 PM
Hi Paul,
Mate thanks for the config it helps a lot
Sadly I am not a Cisco employee so I cannot see the case notes unless it is open for public viewing? (And still do not know how to check it )
I really cannot find any fault with your (A) end "UC540" your ACL's look right and there is CoS it is setup as well, although you may need to look at setting up some strict QoS rules in there, you should have a play with this in CCA.
The concern for me is the (B) end "SA520" I would be interested to know the level of QoS/CoS that is setup at that end, It is my understanding that Cable networks are usually pretty sturdy, however they are a neighborhood network and the bandwidth is shared with all the other users attached to the head-end, if this becomes saturated it will effect the delivery of packets, hence why I went back to xDSL services.
If you remove everything of (B) ends network and just have the SA hooked up and the VPN tunnel going, what are the response times to the (A) end? Can you do pings and set the size to 1024 and repeat it for 10000 times and provide stats on that or does the SA520 not give this capability? (Sorry for not knowing this but I don't use the SA routers only the 800 series).
What I can tell you is that too many dropped packets will cause the phone to be in a locked state especially with the "Heart Beat", I don't know if 7-4-8 resolves this or not, but even a 7931 phone did this to us some 18 months ago with a client where all 15 remote sites where pure IP over an EZ_VPN tunnel back to the HQ. On the 877's we applied some aggressive rules to ensure that the phone always had right of way, this reduced the issue dramatically but did not entirely remove it, does the SA520 allow you to apply hard rules?
Sorry I dont have any hard and fast answers for you right now, normally I like to diag a network so I can do certain tests, even Wireshark it if possible.
Cheers,
David.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide