CUPS 7.0 and VPN... is there anyway to get it to work?

Unanswered Question
Oct 1st, 2009
User Badges:
  • Green, 3000 points or more

Mine is sporatic, it's driving me nuts. Sometimes I login and I get the correct presence of myself. I can change from DND to away, etc, idle works, etc. Somewhere in the night, it started to work on its own. I played around with it this morning and it was working. (could not see other status though.) I logged out and logged back in, now it's offline.

ASA is believe is 8.04 SSL vpn. I tried with IPSEC also and not much luck either.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
htluo Thu, 10/01/2009 - 09:42
User Badges:
  • Red, 2250 points or more

Whether it's a CUPS/CUPC issue or a VPN issue is always a debatable topic.

Technically, it's a network issue. But the arguing point is "why other applications work fine except CUPC?"

This is due to the "call-back" in SIP.

For most of other application, the client (your laptop) initiate the connection to server. Server returns traffic to the source port. Most of the firewall/VPN was designed to cater this kind of traffic pattern.

For CUPC, the client tells the server what port the client is listening. Whenever there's an update, the server initiate the connection to the "call-back" port. Most of firewall/VPN will block this kind of traffic because it's considered "intrusion" to the client.

WAN optimizer (WAAS) would also add complexity to the picture. The symptom is TCP handshake failed.


Steven Griffin Fri, 10/02/2009 - 13:27
User Badges:
  • Silver, 250 points or more

By default CUPS uses a UDP based SIP Proxy. SIP over UDP tends to get clobbered by firewalls. Change the proxy to use TCP based signaling instead, under the Personal Communicator section, and see if that doesn't make your CUPC client behave better.

Tommer Catlin Fri, 10/02/2009 - 13:31
User Badges:
  • Green, 3000 points or more

The default is TCP. in the SIP proxy I changed from UDP to TCP also, but no change.

Steven Griffin Mon, 10/05/2009 - 09:23
User Badges:
  • Silver, 250 points or more

When I troubleshoot Cisco Presence I generally start at the same switch the server is connected to and verify functionality. Then I go downstream to the next switch and so on until it breaks. From there you can figure out what the switch/router/firewall/VPN is doing to Presence.

If you look at the Server Health in CUP Client, you will see the Client unable to connect to presence. If so edit the host files of the OS and include the fully qualified domain name of The CUP Server.

Also make sure DNS is configured properly Inc DHCPLease the VPN Client get, CUCM, CUPS etc... It's all DNS!! Also best to upgrade to the latest CUPS update! Nico

arlincurtis Mon, 10/05/2009 - 21:33
User Badges:

I had the same issue. Telling the ASA not to inspect SIP traffic under my global_policy solved it. Just depends if you want to do that or not..

Tommer Catlin Tue, 10/06/2009 - 07:06
User Badges:
  • Green, 3000 points or more

yeah, we turned that off also but it still bounces the presence status up and down. thanks!


This Discussion