×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

iPhone Jabber & AnyConnect with ASA5505 and UC540 won't connect

Answered Question
Oct 21st, 2012
User Badges:

So I have been trouble shooting this for a while.


Goal: having Cisco Jabber to work over 3G by connecting to ASA5505 using the iPhone AnyConnect client.


My diagram:        iPhone (Jabber/AnyConnect) -> Internet -> ASA5505 -> UC540

ASA/UC540 Vlans:     voice Vlan 10.1.1.0/24, data Vlan 192.168.1.0/24

The connection between the ASA and UC540 is trunk port allowing vlan 1 and 100 (data and voice)


ASA5505 AnyConnect address pool: 172.16.1.X/27


If I connect to the UC540 over wifi, Jabber works perfectly (all incoming, outgoing, and voicemail)

If I connect to the ASA5505 via 3G (AnyConnect client) and the iphone receives a 172.16.1.1 address, it can ping CME/CUE no problem but the Jabber client connect.


Here is the crazy part... if I change the AnyConnect address pool to be the same as the voice vlan (to 10.1.1.100-120 ensuring no IP address overlap) Jabber connects on the iPhone but messaging does not work - CUE can't access the iphone when it receives a 10.1.1.100 address assigned by the firewall.


Please help... I believe it's a routing issue.  When running 'debug ip icmp' on the UC540 while trying to register with the iPhone, the debug shows:



003949: Oct 21 18:06:55.233: ICMP: dst (10.1.10.2) port unreachable sent to 172.16.1.1


strange... why is it sending port unreachable?  I can ping 172.16.1.1 from CME and CUE no problem.


Thank you!

Cheers,

Jas

Jas,


Sorry to say this is not supported, several of us have got it to work, but for me it all of a sudden drops the call. I'm not sure when it will be 100% supported but maybe someone from teh business unit can address that.

Part of the reason is the phone must be on the Voice VLAN (according to the docs) so I am not sure how you are bridging the voice vlan through the firewall in a routed configuration.



Bob James

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer

Jas,


Sorry to say this is not supported, several of us have got it to work, but for me it all of a sudden drops the call. I'm not sure when it will be 100% supported but maybe someone from teh business unit can address that.

Part of the reason is the phone must be on the Voice VLAN (according to the docs) so I am not sure how you are bridging the voice vlan through the firewall in a routed configuration.



Bob James

jan.lipkowski Mon, 11/05/2012 - 06:49
User Badges:

Thanks Bob... I had my Cisco Channel Account Manager confirm this as well... though it was once supported (short period), they removed it.

Actions

This Discussion

Related Content