Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Hi Team,

 

I am currently running CUCM 8.0.3 and I tried to run the Cisco IP Communicator (CIPC) 8.6.1.0 using a IP SEC VPN.

 

As a result : There is no way to register my CIPC 8.6.1.0 to the CUCM 8.0.3 when I use the VPN.

However when I uninstall the CIPC 8.6.1.0 and install CIPC 7.0.6.0 then I try to register the CIPC to the Call Manager through my VPN there is no problem at all !

 

Moreover I  don't have any issue at all with both CIPC release  8.6.1.0 and 7.0.6.0 when I and within my compagny network.

 

Does anybody know if the CIPC 8.6.1.0 is compatible with CUCM 8.0.3 ? If so, then has anybody experienced a registration issue with CIPC 8.6.1.0 and CCUCM 8.0.3 ?

 

Thank you and Regards

 

Nick

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Hi Nick,

Indeed!

I received a reply from Cisco CUCM Customer Support:

"

Skinny Call Control Protocol (SCCP) version 17 used by CIPC 8.6.1 is not supported by Juniper Firewalls.

You need to disable the SCCP ALG on the firewall by the following command:

unset alg sccp enable

"

After setting this on our ISG2000, it worked!

(

-> unset alg sccp enable

-> get alg              

MSRPC    ALG : enabled

SUNRPC   ALG : enabled

SQL      ALG : enabled

SIP      ALG : enabled

RTSP     ALG : enabled

H323     ALG : enabled

MGCP     ALG : enabled

SCCP     ALG : disabled

////

)

I think Cisco should answer these posts also, and have a Knowledge Base they would share with us on their site...!

Guido

6 REPLIES
Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

All right Guys, here are some news :

I ran a Wireshark trace to capture the data when the IP communicator starts and register to CUCM using the TFTP server and there is indeed a difference between CIPC 7.0 and 8.6 :

CIPC  7.0.6.0 : The CIPC uses the TFTP protocol on port 69 to communicate with the TFTP server to get it's configuration.

CIPC  8.6.1.0 : The CIPC uses the HTTP protocol and address the web proxy on port 8080,  which redirects to the TFTP server using HTTP (e.g. GET http://10.196.19.3:6970/CTLSEP5C260A85B957.tlv HTTP/1.1\r\n)

This is the major difference and as for me, that's why although I was connected with my CIPC  8.6.1.0

to my compagny's office from home using IP SEC VPN, the proxy server didn't redirect the request to the TFTP server

Regards

Nick

Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Hi Nick,

we have the same issue (when using 8.6.2.0 versus 7.x and CUCM 7.1.5) on our Juniper VPN.

In this PDF http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/administration/cag85c.pdf

I found the option to use tftp instead off http. (see below)

but that didn't help:-(

But WTH? I can login with Extension Mobility, altough my phone doesn't register.

Guido

Application is Slow to Register

Problem The application takes a long time to register successfully and your proxy server has been configured in Internet Explorer for HTTP traffic.

Solution Disable HTTP download by changing the system registry setting at: HKEY_LOCAL_MACHINE -> Cisco System, Inc .-> Communicator -> EnableHttpDownload to 0.Application is Slow to Register
Problem The application takes a long time to register successfully and your proxy server has been configured in Internet Explorer for HTTP traffic.
Solution Disable HTTP download by changing the system registry setting at: HKEY_LOCAL_MACHINE -> Cisco System, Inc .-> Communicator -> EnableHttpDownload to 0.

Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Hi Guido,

That's interresting. In my case I have a Cisco VPN ASA 5540 (release 8.4.2) IPSec concentrator and a JUNIPER Firewall Netscreen ISG 1000.

There was an issue - CSCtx82637  -  described with the ASA release 8.4.2 related to the SCCP Skinny protocol used buy the latest CIPC softphone,  however in our lab the issue described by Cisco didn't apply.

Now I am investigating with our network team on the Juniper FW side to find out whether the Netscreen ISG 1000 is having an issue with the latest SCCP Skinny version 19 provided by the  CIPC softphone release 8.6(2).

I'll let you know as soon as I get more information

Best Regards

Nick

Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Another URL which may be worth looking if your FW is 100% Cisco : https://supportforums.cisco.com/docs/DOC-8131

Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Hi Nick,

Indeed!

I received a reply from Cisco CUCM Customer Support:

"

Skinny Call Control Protocol (SCCP) version 17 used by CIPC 8.6.1 is not supported by Juniper Firewalls.

You need to disable the SCCP ALG on the firewall by the following command:

unset alg sccp enable

"

After setting this on our ISG2000, it worked!

(

-> unset alg sccp enable

-> get alg              

MSRPC    ALG : enabled

SUNRPC   ALG : enabled

SQL      ALG : enabled

SIP      ALG : enabled

RTSP     ALG : enabled

H323     ALG : enabled

MGCP     ALG : enabled

SCCP     ALG : disabled

////

)

I think Cisco should answer these posts also, and have a Knowledge Base they would share with us on their site...!

Guido

Community Member

Cisco IP Communicator issue when using VPN with CUCM 8.0.3

Hi Guido,

You saved my life, as this is exacly what the issue I had was about !!!

The Juniper firewall didn't support the latest Skinny protocol provided by the Cisco IP Communicator. I fixed the issue on the FW with the command : unset alg sccp enable

Thank you again

Nick

5711
Views
0
Helpful
6
Replies
CreatePlease to create content