Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Remote site IP phones are not registering even the L2L VPN Tunnel is up


I have an  IP Telephony setup with CME 9.1 (2921 router) and having 4 remote sites connected with site to site VPN.

All the remote site phones are connected to main office Call Manager Express.Each site including 3 Cisco IP Phones only.We are having dedicated 1 MBPS link connectivity for each remote sites to main office.

Each remote site set up is like this , having dedicated ASA's (5505 version 9.0)  and we configured DHCP server on ASA and phones are  getting IP from the ASA. We have only one vlan for Data and Voice in remote location because ASA license is base license.

Main office setup like this we are having 2 internet lines and its terminated on Cyberroam firewall and from cyberroam we are connected to ASA 5505.

ASA its connected to Call Manger Express.Cyberroam engineer opened the ports for VPN (500 and 4500) to our ASA outside IP.

Problem is that, once tunnel is up, i can ping from main office to branch  office. if we are connecting phone to ASA's POE Port IP Phones will get the IP from ASA and will register phone to main office CME ( We have given TFTP Server IP in the ASA DHCP Server configuration).  After registering the phone i can make the calls to main office and outside.

After sometimes (30 minutes or 1 hour or more) phones will get unregistered and its trying to connect the TFTP Server. that time when i checked in the ASA for VPN. I can see Tunnel is up. But when i checked IPSEC Packet details from the main office IPSEC Packets are encap & decaps and encrypt and decrypt. when i checked in the main office Tunnel is up and  IPSec packet only encap and decap there is no encrypt and decrypt, at the same time i can browse, that means there is no issue with internet.

Once we are restarting the ASA, phone will get connected with the Main branch CME and as I mentioned earlier the issue will come agin after sometime.

I removed all the phones in one remote branch and connected only one PC and its working fine without any issue.I do continously ping from remote

site PC to main office PC for 3 days and its working fine.

Attached is the configuration for the Main office  and branch office ASA.

Thanks in advance for your support...

Nithin Louis.

  • VPN