Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2617
Views
0
Helpful
28
Replies

UC520/Fortinet, remote office setup

compenviron
Level 1
Level 1

‎09-16-2013 09:00 AM - edited ‎03-21-2019 07:46 AM

Hi,

I`m very new to cisco products, and I`m having trouble setting up the 7940 phones in our remote offices.

In our main offices, I setup a UC520 and five 7940 phones, which are all working great. The uc520 is behind a fortinet firewall.

In our remote office, there is the same fortinet firewall, and a VPN tunnel is created between them. our main office has the ip address of 192.168.0.XX, and the remote office has 192.168.9.xx, thru the vpn tunnel the computers can access the server in our main office.

The phones in our main office has ip addresses of 10.1.1.xx, and the DHCP Server, TFTP server are both 10.1.1.1.

I tried to set the 7940`s IP address in the remote office  to 192.168.0.xx, or to 192.168.9.xx, or to 10.1.1.xx, all to no available.

The phone seems to be stuck at "configuring cm list" everytime.

What should I do to make the remote phone working?

I used CCA to setup the uc520 and never tried CLI.

Thanks!

Labels:
0 Helpful
28 Replies 28

johschaf
Level 4
Level 4
In response to compenviron

‎10-28-2013 02:13 PM

Hello,

This would indicate the UC has a DSL connection on the WAN:

ip route 0.0.0.0 0.0.0.0 Dialer0

Does the UC have a WAN connection or has that been removed and migrated over to the Fortinet?

Thanks,

-john

0 Helpful

compenviron
Level 1
Level 1
In response to johschaf

‎10-28-2013 02:22 PM

No the UC520 is not connected to WAN.

the setup is DSL modem--------Fortinet--------Switch-------UC520.

0 Helpful

johschaf
Level 4
Level 4
In response to compenviron

‎10-28-2013 02:44 PM

Hello,

Ok, then delete the existing static default route and replace with the route I suggested earlier:

The static default route should look like: 0.0.0.0 0.0.0.0 192.168.0.99

Destination: 0.0.0.0

Netmask: 0.0.0.0

Gateway: 192.168.0.99 <- I'm assuming this is the local IP of the Fortinet at the main site.

Thanks,

-john

0 Helpful

compenviron
Level 1
Level 1
In response to johschaf

‎10-29-2013 05:54 AM

Hi John, I have set the route you sugguested. But now the "outgoing interface" for the route I added is empty. What`s next?

0 Helpful

johschaf
Level 4
Level 4
In response to compenviron

‎10-29-2013 10:02 AM

Hello,

What do you see in the CLI for the IP route configuration?

Thanks,

-john

0 Helpful

compenviron
Level 1
Level 1
In response to johschaf

‎10-29-2013 10:13 AM

ip route 0.0.0.0 0.0.0.0 192.168.0.99

ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0

That`s what I got now.

0 Helpful

johschaf
Level 4
Level 4
In response to compenviron

‎10-29-2013 10:22 AM

Hello,

The routing statements appear correct. Can you ping across the VPN on the data network now?

Thanks,

-john

0 Helpful

compenviron
Level 1
Level 1
In response to johschaf

‎10-29-2013 10:29 AM

Well there is nobody in the remote office right now, I will post back after I got the ping results. I can use the "troubleshoot"-----"network diagnosis"-----"ping" to ping the gateway of the remote office(192.168.9.99) successfully.

Assuming the remote office can ping the UC520(192.168.0.55), what else do I need to do to make the remote phone working?

Thanks,

Peter

0 Helpful

johschaf
Level 4
Level 4
In response to compenviron

‎10-29-2013 10:32 AM

Hello,

So in CCA you can ping the remote Fortinet? If so, it sounds like the data VPN is working.

In order to get the phones registered, you also need to permit the voice and voicemail networks in the allowed VPN networks. Have you done that yet? If so, then you need to have the phones configured on the UC. Finally, you need to configure the TFTP server on the phones to point to the voice vlan IP of the UC.

Thanks,

-john

0 Helpful

compenviron
Level 1
Level 1
In response to johschaf

‎10-29-2013 10:49 AM

Yes I can ping the remote fortinet. The problem is I don`t see any allow/deny VPN networks in the fortinet. The firewall policy is allowing any traffic thru, except SMTP traffic. Under the VPN configuration page, there isn`t really anything about networks, I can upload a screenshot if needed.

To configure the phone on the UC, do I need to bring the phones to the main office, or I can do it via VPN? how do I let the UC recognize the phone remotely?

The TFTP server is 10.1.1.1, do I set the same thing on the remote phone?

0 Helpful

johschaf
Level 4
Level 4
In response to compenviron

‎10-29-2013 12:15 PM

Hello,

You can post the Fortinet configuration, but I'm not sure how much assistance I'll be able to provide regarding that.

You do not need to bring the phones to the office first. You just need to have the phones programmed.

The TFTP server will be the same on the remote phones.

Thanks,

-john

0 Helpful

compenviron
Level 1
Level 1
In response to johschaf

‎10-29-2013 12:52 PM

by the way what do you mean by getting the phone programmed? Is it just change some settings on the phone itself?

Under the network configuration, The phones in the main office has the settings as follows:

DHCP server: 10.1.1.1

IP address: 10.1.1.x

TFTP server: 10.1.1.1

Default router: 10.1.1.1

Call Manager: 10.1.1.1

Do I set everything the same on the remote phone? Or set the IP address in the range 192.168.9.x, default router 192.168.9.99, then TFTP server and Call Manager as 10.1.1.1?

0 Helpful

compenviron
Level 1
Level 1
In response to compenviron

‎10-29-2013 12:46 PM

0 Helpful

johschaf
Level 4
Level 4
In response to compenviron

‎10-29-2013 12:59 PM

Hello,

I'm refering to making sure the phones have a configuration defined in the UC. The phone will get an address from the remote site network range, just make sure it has the TFTP server defined.

I'm not familiar with the Fortinet, but you need to permit the voice/voicemail networks through the VPN.

Thanks,

-john

0 Helpful
Customers Also Viewed These Support Documents