UC560 - branch office L2L voice

Answered Question
Feb 13th, 2012
User Badges:

I am setting up a UC560 to establish a IPSec VPN tunnel to an ASA5510 to tunnel voice to allow users in this branch use phones. For the TFTP request I am assuming the tunnel will need to communicate to the UC at 10.1.1.1?


SiteA

UC560

network 10.1.1.0/24 voice vlan


SiteB

ASA5510

network 10.1.2.0/24 voice vlan

Voice DHCPD with option 150 to 10.1.1.1

Correct Answer by Brandon Turpin about 5 years 1 month ago

Hi Devin,


Check to see what the tftp source-interface is on the UC560.  Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:


  ip tftp source-interface Vlan100


The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.


Let me know if that helps.


Thanks,


Brandon

Correct Answer by David Trad about 5 years 1 month ago

Hi Devin,


Do they eventually register though?


Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.


Cheers,


David.

Correct Answer by David Trad about 5 years 1 month ago

Nope your assumptions are confirmed it works of the tftp-source address



Cheers,



David.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
David Trad Mon, 02/13/2012 - 17:37
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2013 Small Business

Hi Devin,


Can you please advise if there is a UC-560 at both sites?


If there is then they should register to their local UC, if not then they would need to register to the remote UC on 10.1.1.1 as you correctly pointed out



Cheers,


David.

devin.culp Mon, 02/13/2012 - 18:19
User Badges:

There is only one UC560 I just need to confirm for SCCP is communicating to 10.1.1.1 and for RTP needing to communicate between the two voice networks 10.1.1.0/24 and 10.1.2.0/24. Was not sure if 10.1.2.0/24 needs to talk to 192.168.10.1 

Correct Answer
David Trad Mon, 02/13/2012 - 18:31
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2013 Small Business

Nope your assumptions are confirmed it works of the tftp-source address



Cheers,



David.

mcasimirc63 Mon, 02/13/2012 - 18:49
User Badges:
  • Silver, 250 points or more

Dont forget about CUE and other XML services.  10.1.10.0/30

devin.culp Tue, 02/14/2012 - 07:11
User Badges:

Thanks for the help I have my tunnel up but noticing the phone that would be in SiteB is taking a really long time to download the phone xml files. I actually have this setup in a test environment. It keeps repeating the same files


Downloading:XML.Default.cnf.xml

Downloading:XML.Default525G2.cnf.xml

Correct Answer
David Trad Tue, 02/14/2012 - 19:59
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2013 Small Business

Hi Devin,


Do they eventually register though?


Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.


Cheers,


David.

Correct Answer
Brandon Turpin Tue, 02/14/2012 - 20:37
User Badges:
  • Cisco Employee,

Hi Devin,


Check to see what the tftp source-interface is on the UC560.  Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:


  ip tftp source-interface Vlan100


The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.


Let me know if that helps.


Thanks,


Brandon

devin.culp Wed, 02/15/2012 - 07:28
User Badges:

I am running software 8.2.0 I noticed it creates a vlan90 by default.  I can pass traffic (interesting traffic) from both directions. When I  turn on debug tftp events I see nothing from the remote phones.



ip tftp source-interface Vlan90

!

interface Vlan90

ip address 10.1.10.2 255.255.255.252

ip nat inside

ip virtual-reassembly in

!

!

interface Integrated-Service-Engine0/0

description Interface used to manage integrated application modulecue is initialized with default IMAP group

ip unnumbered Vlan90

ip nat inside

ip virtual-reassembly in

service-module ip address 10.1.10.1 255.255.255.252

service-module ip default-gateway 10.1.10.2

!

ip route 10.1.10.1 255.255.255.255 Vlan90

devin.culp Wed, 02/15/2012 - 07:38
User Badges:

Well I figured out the issue on the ASA side for DHCP, the phones are getting a classful netmask 255.0.0.0 but when I try a PC from vlan 100 just for testing I get the correct 255.255.255.0.


I been putting newer phones onto this switch behind the ASA and they are getting the correct mask. Very odd will continue further testing.

Actions

This Discussion