Configuring a Remote SPA525G to work through a VPN

I am trying to get a SPA525G phone operating from a remote location through a VPN tunnel to the central site where there is a UC540.  I have a tunnel built between the two sites and can ping the UC540 IP address through the tunnel from the remote site (i.e., I have IP connectivity on the network and have added the necessary static routes to the UC540 so everything is reachable on the VPN).  I have a DHCP server (same device providing the VPN) at the remote site and the phone gets an address on the local network.  I have configured the TFTP server on the phone to point to the UC540 across the network through the tunnel.  However, it won't register.  I put a packet monitor on the local network and the phone is trying to get its config via TFTP from the local DHCP server and not the TFTP server I configured.  Questions:

1) Do I need to configure the Alternative TFTP server?  If so, how do you unlock the config on the SPA525G?

2) If that isn't the way to get the phone working, how do I get it configured so it will register with the remote UC540 and be able to download its config/software from the remote UC540?

Re: Configuring a Remote SPA525G to work through a VPN

There are two ways to configure the TFTP server on the phone.  You can put option 150 to point to the Voice VLAN IP address on the UC500, or assign the Alternate TFTP on the phone.

One thing to consider is that when you set up a VPN tunnel, you need to allow all the remote site to connect to all subnets on the UC540.  TFTP by default sources packets with the loopback interface, so if you can't ping the loopback interface from the remote site, you won't be able to download a config file.  If you have a connection, you can verify that files are being downloaded correctly with the following debugs:

debug tftp events

debug tftp packets


Adam Compton
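
Added example, not part of the original posts: a small Python check for whether a DHCP reply captured at the remote site carries option 150 pointing at the intended TFTP server, which is the first of the two methods described in the reply above. The sample option bytes and the addresses 192.168.50.1 and 10.1.1.1 are constructed placeholders, not values from this thread.

```python
import ipaddress

DHCP_MAGIC = bytes([99, 130, 83, 99])  # magic cookie that precedes the options field

def parse_options(blob):
    """Walk the code/length/value options that follow the magic cookie."""
    if blob[:4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(blob):
        code = blob[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options are concatenated
        i += 2 + length
    return opts

def tftp_servers(opts):
    """Option 150 is a list of 4-byte IPv4 addresses."""
    raw = opts.get(150, b"")
    if len(raw) % 4:
        raise ValueError("option 150 length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def check_offer(blob, expected):
    """Report whether the reply hands out the expected TFTP server."""
    servers = tftp_servers(parse_options(blob))
    if not servers:
        return "option 150 absent"
    if expected not in servers:
        return f"option 150 points elsewhere: {servers}"
    return "ok"

# Constructed samples: message type (53), server identifier (54), optional 150.
WITH_150 = DHCP_MAGIC + bytes([53, 1, 2, 54, 4, 192, 168, 50, 1,
                               150, 4, 10, 1, 1, 1, 255])
WITHOUT_150 = DHCP_MAGIC + bytes([53, 1, 2, 54, 4, 192, 168, 50, 1, 0, 255])

if __name__ == "__main__":
    print(check_offer(WITH_150, "10.1.1.1"))
    print(check_offer(WITHOUT_150, "10.1.1.1"))
```

Feed it the options field (starting at the magic cookie) from a DHCP offer or ACK in the packet capture, with the UC540 address the phone should use as `expected`.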

Re: Configuring a Remote SPA525G to work through a VPN


Thanks.  How do I unlock the config in the SPA525G to set the alternative TFTP?  I have tried **# as in other IP phones and it doesn't work.

