Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

VPN phone pulls wrong TFTP from cable router

Hi everyone,

I am having a problem with remote 7945 phones that have been deployed.  The remote connection is set for VPN connection to an ASA 5525.  Many phones have worked but I have found that approximately a 1/3 of the phones are failing to launch the VPN.  I have found that the phones fail because they have been given a TFTP address from the local cable modem.  The TFTP assigned is the modem's address and thus the phone is sending the TFTP request to the cable modem. 

I have manually changed the Alternate TFTP setting on the phone which does launch the VPN but it never completed the registration after the VPN is established. The phone receives and IP address from the proper pool, the same pool that successful VPN phones have used.   It simply tries to register over and over again.

I have also turned off Enable Auto Network Detect in both the VPN Profile and VPN Parameters.  Unfortunately the phone does not launch the VPN and shows a "TFTP error:" followed by a "No IPv4 TFTP server" error. 

I am not sure where to go to from here.  Any help would be appreciated.

Todd

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

VPN phone pulls wrong TFTP from cable router

I found a resolution to this issue.  Using the alternate TFTP address is the correct solution.  I found that the phone was using the TFTP address to download the configuration from Call Manager.  The problem was we had changed the IP addressing of our DNS servers about 6 weeks ago.  The new addresses for the DNS server were on the same network as one of the interfaces for the ASA.  We use host names for the server address.  When the phone sent a request to the DNS server to resolve the host name the response was returned on a different interface than it was sent and was blocked by the ASA.  Luckily we have 3 DNS servers so I changed the routing to the 3rd one to go out the same interface it would return. The phone registers now and user mobility works too.  

Todd

11 REPLIES

VPN phone pulls wrong TFTP from cable router

Hi Todd.

How do you push DHCP server info to the phone.

Does it receive the info via DHCP or you set it statically on the phone?

Let me know

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"
New Member

VPN phone pulls wrong TFTP from cable router

The phone ARPs for the DHCP server so it can pick up a local address from the cable modem/router.  The issue only happens when a phone picks up a TFTP server address during DHCP. 

Todd

VPN phone pulls wrong TFTP from cable router

Hi Todd.

Did you verify option 150 on dhcp pool on Cable router configuration?

when you boot the  IP phone, can you check in "network configuration" if TFTP1 ip address is present?

Please let me know

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"
New Member

VPN phone pulls wrong TFTP from cable router

Carlo,

I went as far as the GUI for the modem would allow, but could not find a setting for TFTP.  I even contacted the provider who insisted they do not have a setting for TFTP in DHCP. 

Yes the TFTP address is configured with the IP address of the cable modem.  That is problem and trying to figure out how to work around it. 

Todd

VPN phone pulls wrong TFTP from cable router

Hi Todd.

What I can suggest you, if suitable to your envirorment, is to setup a separate DHCP server on a windows or linux PC and assign the correct TFTP ip address to IP Phones and stop DHCP service on the cable modem.

HTH

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"
New Member

VPN phone pulls wrong TFTP from cable router

Carlo,

I understand where you are coming from on the DHCP server but this issue is with end users mostley working from home.  We would have to set up a DHCP server on each person's PC then have the phone request DHCP from that PC, assuming the user has even powered the PC up and logged in at that point.  It would be easier to manually set up each phone after it arrived at the location.  I am looking for a broader hands off solution that would allow the user to simply plug in the phone and be able to use it.

Todd

Re: VPN phone pulls wrong TFTP from cable router

Ok Todd.

So in this case, the simplest solution would be to setup manually on the phone the TFTP server address accessing Phone settings. As deploying model you could provide IP phones alredy configured with those settings.

HTH

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"
New Member

VPN phone pulls wrong TFTP from cable router

Carlo,

Technically that is possible but not efficient.  I would spend hours every week setting up new remote users.  It is not a solution I am willing to pursue. 

Todd

VPN phone pulls wrong TFTP from cable router

Todd.

If the problem is the DHCP on your cable modem, the only solution I can see is to investigate more on that device, because in some way, the IP Phone should receive the correct TFTP server.

Pelease share the model of cable model you are using to see if someone has faced the same issue with that model.

Thanks

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"
New Member

VPN phone pulls wrong TFTP from cable router

I found a resolution to this issue.  Using the alternate TFTP address is the correct solution.  I found that the phone was using the TFTP address to download the configuration from Call Manager.  The problem was we had changed the IP addressing of our DNS servers about 6 weeks ago.  The new addresses for the DNS server were on the same network as one of the interfaces for the ASA.  We use host names for the server address.  When the phone sent a request to the DNS server to resolve the host name the response was returned on a different interface than it was sent and was blocked by the ASA.  Luckily we have 3 DNS servers so I changed the routing to the 3rd one to go out the same interface it would return. The phone registers now and user mobility works too.  

Todd

VPN phone pulls wrong TFTP from cable router

Hi Todd.

Good to know you found a solution!

+5P to you

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"
465
Views
5
Helpful
11
Replies
CreatePlease to create content