Hi, I'm hoping someone can help here and point out if this is a known issue. We've got ASA 8.3 supplying phone proxy for a few remote users. Almost all the users are working fine and have no issues whatsoever; we use both 7940s and 7921 devices for phone proxy users. However, one single user keeps getting issues where the phone will be working the first time it gets connected at home, but by the following morning it will not connect.

Reviewing the log on the ASA shows that the phone is attempting to connect using port 2000, as if it has lost its certificate. The TFTP download is working fine, and the CTL file looks like it's being deployed correctly. Originally we thought this issue was down to a dud phone 7940, so we swapped it out. We attempted to replicate the problem ourselves but have been unable to do so. The user then took home his replacement 7940; this of course worked for the first 12-24 hours, then stopped working again with the same symptoms: the phone is ignoring the certificates and attempting to talk to the ASA using port 2000 rather than 2443. We are using SCCP to deploy the phones and no other people are experiencing this issue.

We've asked the user to contact their ISP along with resetting their home router, but what I want to know is if anyone has experienced the ISP blocking the SCCP Secure communications that would create this issue. We do know the user is on a very strict ISP who performs some severe Deep Packet Inspection and Packet Shaping, but we didn't think this would block the secure communications entirely. Of course, if we open up port 2000 the phone registers and works, but we only did that for some troubleshooting steps to see if the phone would register. We can't have external phones registering in non-secure mode for obvious reasons.

Any ideas or suggestions welcomed, especially before we go flaming the ISP.