Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2487
Views
0
Helpful
4
Replies

SPA504G located at remote location site to site vpn

Go to solution
holguie81
Level 1
Level 1

‎02-16-2011 11:13 PM - edited ‎03-21-2019 03:41 AM

We just configured  a site to site VPN between our UC540 and remote site and we are passing data and voice traffic or so it appears. However, when I attempt to place my SPA504G at the remote location it does not download the configuration.

data network 192.168.22.0/24 voice network 10.1.1.0/24 ---------UC540--------Internet--------Firewall-------192.168.3.0/24

We have created site VPN that passes 192.168.22.0/24 and 10.1.1.0 traffic to 192.168.3./24

I can ping 192.168.3.0 network from 192.168.22.0 network

I can also ping 192.168.3.0 network from 10.1.1.0 network

and vise versa

What is missing? I can not get the Spa504G to phone to download the config from the UC540

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
vcappucc
Level 1
Level 1

‎02-16-2011 11:58 PM

Hello,

What is the tftp source address? by default the UC540 is  loopback0 with the 10.1.10.0/30 which is not part of the crypto traffic under your diagram.

you may want to add this network to your crypto ACL  and deny it on your NAT configuration, or you could also change the ip tftp source-interface Loopback0 to ip tftp source-interface bvi100

HTH

Victor.-

View solution in original post

0 Helpful
4 Replies 4

Go to solution
vcappucc
Level 1
Level 1

‎02-16-2011 11:58 PM

Hello,

What is the tftp source address? by default the UC540 is  loopback0 with the 10.1.10.0/30 which is not part of the crypto traffic under your diagram.

you may want to add this network to your crypto ACL  and deny it on your NAT configuration, or you could also change the ip tftp source-interface Loopback0 to ip tftp source-interface bvi100

HTH

Victor.-

0 Helpful

Go to solution
holguie81
Level 1
Level 1
In response to vcappucc

‎02-17-2011 07:59 AM

Hi Victor,

My TFPT Server  address according to CCA is 10.1.1.1

Thanks for the input, I was wondering if the 10.1.10.0/30 network needed to be setup to pass through our site to site vpn.

For your second suggestion, is there any repercussions or issues that could arise from changing the tftp source-interface Loopback0 to ip tftp source-interface bvi100 from a CCA stand point?

Thanks again,

0 Helpful

Go to solution
Darren DeCroock
Level 4
Level 4
In response to holguie81

‎02-17-2011 09:30 AM

If your tftp-source is set to Loopback0, the default address for Loopback0 is 10.1.10.2.

I would suggest that you leave the tftp server address, and add 10.1.10.0 to the VPN.  Since you will also need to access this subnet for voicemail.

Thank you,

Darren

0 Helpful

Go to solution
holguie81
Level 1
Level 1
In response to vcappucc

‎02-22-2011 06:13 PM

Thank you for your help this worked perfectly

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents