02-13-2012 04:47 PM - edited 03-21-2019 05:20 AM
I am setting up a UC560 to establish a IPSec VPN tunnel to an ASA5510 to tunnel voice to allow users in this branch use phones. For the TFTP request I am assuming the tunnel will need to communicate to the UC at 10.1.1.1?
SiteA
UC560
network 10.1.1.0/24 voice vlan
SiteB
ASA5510
network 10.1.2.0/24 voice vlan
Voice DHCPD with option 150 to 10.1.1.1
Solved! Go to Solution.
02-13-2012 06:31 PM
Nope your assumptions are confirmed it works of the tftp-source address
Cheers,
David.
02-14-2012 07:59 PM
Hi Devin,
Do they eventually register though?
Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.
Cheers,
David.
02-14-2012 08:37 PM
Hi Devin,
Check to see what the tftp source-interface is on the UC560. Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:
ip tftp source-interface Vlan100
The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.
Let me know if that helps.
Thanks,
Brandon
02-13-2012 05:37 PM
Hi Devin,
Can you please advise if there is a UC-560 at both sites?
If there is then they should register to their local UC, if not then they would need to register to the remote UC on 10.1.1.1 as you correctly pointed out
Cheers,
David.
02-13-2012 06:19 PM
There is only one UC560 I just need to confirm for SCCP is communicating to 10.1.1.1 and for RTP needing to communicate between the two voice networks 10.1.1.0/24 and 10.1.2.0/24. Was not sure if 10.1.2.0/24 needs to talk to 192.168.10.1
02-13-2012 06:31 PM
Nope your assumptions are confirmed it works of the tftp-source address
Cheers,
David.
02-13-2012 06:49 PM
Dont forget about CUE and other XML services. 10.1.10.0/30
02-14-2012 07:11 AM
Thanks for the help I have my tunnel up but noticing the phone that would be in SiteB is taking a really long time to download the phone xml files. I actually have this setup in a test environment. It keeps repeating the same files
Downloading:XML.Default.cnf.xml
Downloading:XML.Default525G2.cnf.xml
02-14-2012 07:59 PM
Hi Devin,
Do they eventually register though?
Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.
Cheers,
David.
02-14-2012 08:37 PM
Hi Devin,
Check to see what the tftp source-interface is on the UC560. Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:
ip tftp source-interface Vlan100
The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.
Let me know if that helps.
Thanks,
Brandon
02-15-2012 07:28 AM
I am running software 8.2.0 I noticed it creates a vlan90 by default. I can pass traffic (interesting traffic) from both directions. When I turn on debug tftp events I see nothing from the remote phones.
ip tftp source-interface Vlan90
!
interface Vlan90
ip address 10.1.10.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
!
interface Integrated-Service-Engine0/0
description Interface used to manage integrated application modulecue is initialized with default IMAP group
ip unnumbered Vlan90
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
!
ip route 10.1.10.1 255.255.255.255 Vlan90
02-15-2012 07:38 AM
Well I figured out the issue on the ASA side for DHCP, the phones are getting a classful netmask 255.0.0.0 but when I try a PC from vlan 100 just for testing I get the correct 255.255.255.0.
I been putting newer phones onto this switch behind the ASA and they are getting the correct mask. Very odd will continue further testing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide