I am setting up a UC560 to establish a IPSec VPN tunnel to an ASA5510 to tunnel voice to allow users in this branch use phones. For the TFTP request I am assuming the tunnel will need to communicate to the UC at 10.1.1.1?
network 10.1.1.0/24 voice vlan
network 10.1.2.0/24 voice vlan
Voice DHCPD with option 150 to 10.1.1.1
Check to see what the tftp source-interface is on the UC560. Since the phone is behind the ASA (stateful firewall), you will probably need to configure the following:
ip tftp source-interface Vlan100
The phone is trying to send packets to 10.1.1.1 and this will make the return tftp packets sourced from 10.1.1.1.
Let me know if that helps.
Do they eventually register though?
Can you maybe run a "debug tftp event" and capture that for us when this takes place, it would be interesting to see what is happening on the system when they try to get their config data.
Nope your assumptions are confirmed it works of the tftp-source address