Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Remote teleworker issue

Hello,

In previous years I have installed a hub and spoke VPN for my client using a 1841 at the hub, and 877s at each spoke and this has worked flawlessly.

Based on a configuration I've used for another client I've installed a UC560 replacing the 1841 as the hub, and two SPA handsets at one of the sites.  Neither handset will register with the UC560 - I did register them at the main site then take them remotely and plug them in but they won't register.  Both are stuck at the Downloading xml files (either default or the one for the MAC address).

I can ping the TFTP server from the remote site.

Can I please have some pointers and suggestions to troubleshoot the issue?

Any assistance greatly appreciated.

4 REPLIES
Community Member

Remote teleworker issue

Damian,

Are you using the SSL VPN on the SPA phones(525's), or do you have an IPSEC tunnel setup?  If you are using SSL VPN, can you connect with a computer?  If using SSL VPN, does your phone show the VPN connected on the upper portion of the screen?  Do you have split tunneling enabled?

Really need to know that type of VPN connection you are using.

Thank you,

Darren

Community Member

Remote teleworker issue

So it is a site to site VPN using IPSEC between a UC560 and an 877.

I've done a debug tftp packets and debug tftp events on the 560 and can see that requests are being received by the 560 and replied to by the 560 but the phone doesn't appear to be seeing the responses as it keeps asking for the xml config files.

No I'm not using the SSL VPN on the 525.

Is this perhaps an IOS issue?  The 877 is running c870-advsecurityk9-mz.124-24.T2.

Thanks.

Community Member

Remote teleworker issue

Fixed.  It was that I hadn't configured the CUE IP address in the ACL for the VPN which is interesting because this doesn't affect the registration of a 7931 handset.  This is a SPA509G handset so it must need access to CUE to register.

Or maybe there is some other strange reason.

Community Member

Remote teleworker issue

Damian,

I am glad you were able to get it working.

The reason the access to the CUE subnet is required is the default setting of "ip tftp source-interface Vlan90".  So the responses from the UC560 were being sourced from Vlan 90.  I believe that the 7900 series phones will default back to a saved config if they are not able to communicate with the tftp server.  The SPA500's will not.

Thank you,

Darren

524
Views
0
Helpful
4
Replies
CreatePlease to create content