cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
842
Views
0
Helpful
4
Replies

Remote teleworker issue

Damian Halloran
Level 1
Level 1

Hello,

In previous years I have installed a hub and spoke VPN for my client using a 1841 at the hub, and 877s at each spoke and this has worked flawlessly.

Based on a configuration I've used for another client I've installed a UC560 replacing the 1841 as the hub, and two SPA handsets at one of the sites.  Neither handset will register with the UC560 - I did register them at the main site then take them remotely and plug them in but they won't register.  Both are stuck at the Downloading xml files (either default or the one for the MAC address).

I can ping the TFTP server from the remote site.

Can I please have some pointers and suggestions to troubleshoot the issue?

Any assistance greatly appreciated.

4 Replies 4

Darren DeCroock
Level 4
Level 4

Damian,

Are you using the SSL VPN on the SPA phones(525's), or do you have an IPSEC tunnel setup?  If you are using SSL VPN, can you connect with a computer?  If using SSL VPN, does your phone show the VPN connected on the upper portion of the screen?  Do you have split tunneling enabled?

Really need to know that type of VPN connection you are using.

Thank you,

Darren

Damian Halloran
Level 1
Level 1

So it is a site to site VPN using IPSEC between a UC560 and an 877.

I've done a debug tftp packets and debug tftp events on the 560 and can see that requests are being received by the 560 and replied to by the 560 but the phone doesn't appear to be seeing the responses as it keeps asking for the xml config files.

No I'm not using the SSL VPN on the 525.

Is this perhaps an IOS issue?  The 877 is running c870-advsecurityk9-mz.124-24.T2.

Thanks.

Damian Halloran
Level 1
Level 1

Fixed.  It was that I hadn't configured the CUE IP address in the ACL for the VPN which is interesting because this doesn't affect the registration of a 7931 handset.  This is a SPA509G handset so it must need access to CUE to register.

Or maybe there is some other strange reason.

Damian,

I am glad you were able to get it working.

The reason the access to the CUE subnet is required is the default setting of "ip tftp source-interface Vlan90".  So the responses from the UC560 were being sourced from Vlan 90.  I believe that the 7900 series phones will default back to a saved config if they are not able to communicate with the tftp server.  The SPA500's will not.

Thank you,

Darren