UC560 - branch office L2L voice

Answered Question
Feb 13th, 2012

I am setting up a UC560 to establish a IPSec VPN tunnel to an ASA5510 to tunnel voice to allow users in this branch use phones. For the TFTP request I am assuming the tunnel will need to communicate to the UC at 10.1.1.1?

SiteA

UC560

network 10.1.1.0/24 voice vlan

SiteB

ASA5510

network 10.1.2.0/24 voice vlan

Voice DHCPD with option 150 to 10.1.1.1

I have this problem too.
0 votes
Correct Answer by Brandon Turpin about 2 years 2 months ago

Hi Devin,

Check to see what the tftp source-interface is on the UC560.  Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:

  ip tftp source-interface Vlan100

The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.

Let me know if that helps.

Thanks,

Brandon

Correct Answer by David Trad about 2 years 2 months ago

Hi Devin,

Do they eventually register though?

Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.

Cheers,

David.

Correct Answer by David Trad about 2 years 2 months ago

Nope your assumptions are confirmed it works of the tftp-source address

Cheers,

David.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (3 ratings)
David Trad Mon, 02/13/2012 - 17:37

Hi Devin,

Can you please advise if there is a UC-560 at both sites?

If there is then they should register to their local UC, if not then they would need to register to the remote UC on 10.1.1.1 as you correctly pointed out

Cheers,

David.

devin.culp Mon, 02/13/2012 - 18:19

There is only one UC560 I just need to confirm for SCCP is communicating to 10.1.1.1 and for RTP needing to communicate between the two voice networks 10.1.1.0/24 and 10.1.2.0/24. Was not sure if 10.1.2.0/24 needs to talk to 192.168.10.1 

Correct Answer
David Trad Mon, 02/13/2012 - 18:31

Nope your assumptions are confirmed it works of the tftp-source address

Cheers,

David.

devin.culp Tue, 02/14/2012 - 07:11

Thanks for the help I have my tunnel up but noticing the phone that would be in SiteB is taking a really long time to download the phone xml files. I actually have this setup in a test environment. It keeps repeating the same files

Downloading:XML.Default.cnf.xml

Downloading:XML.Default525G2.cnf.xml

Correct Answer
David Trad Tue, 02/14/2012 - 19:59

Hi Devin,

Do they eventually register though?

Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.

Cheers,

David.

Correct Answer
Brandon Turpin Tue, 02/14/2012 - 20:37

Hi Devin,

Check to see what the tftp source-interface is on the UC560.  Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:

  ip tftp source-interface Vlan100

The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.

Let me know if that helps.

Thanks,

Brandon

devin.culp Wed, 02/15/2012 - 07:28

I am running software 8.2.0 I noticed it creates a vlan90 by default.  I can pass traffic (interesting traffic) from both directions. When I  turn on debug tftp events I see nothing from the remote phones.

ip tftp source-interface Vlan90

!

interface Vlan90

ip address 10.1.10.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

!

!

interface Integrated-Service-Engine0/0

description Interface used to manage integrated application modulecue is initialized with default IMAP group

ip unnumbered Vlan90

ip nat inside

ip virtual-reassembly in

service-module ip address 10.1.10.1 255.255.255.252

service-module ip default-gateway 10.1.10.2

!

ip route 10.1.10.1 255.255.255.255 Vlan90

devin.culp Wed, 02/15/2012 - 07:38

Well I figured out the issue on the ASA side for DHCP, the phones are getting a classful netmask 255.0.0.0 but when I try a PC from vlan 100 just for testing I get the correct 255.255.255.0.

I been putting newer phones onto this switch behind the ASA and they are getting the correct mask. Very odd will continue further testing.

Actions

Login or Register to take actions

This Discussion

Posted February 13, 2012 at 4:47 PM
Stats:
Replies:9 Avg. Rating:5
Views:846 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard