Problem in registering IP communicator (cisco sw phone) to UC500 via VPN

Hi all professionals,

I have an ASA 5505 and a UC500 in my network.
When I connect via the Cisco VPN client into my network, everything is OK (ping to another device in the network etc.), but the problem is when I run the sw IP phone on a PC which is connected via VPN.

The ASA has inside IP address 172.20.1.1 and the UC500 has LAN address 172.20.1.2 - VLAN 1.
The port between the ASA and the UC500 is in trunk mode.

The IP phone only sends a registering request, but nothing happens. I have set the TFTP server on the IP phone to 172.20.1.2.
It seems that the ASA did not associate the software phone with the voice VLAN (100).
Any idea how to test it or set up the ASA or UC500?

Thanks for your answers and have a nice day,
Steve

Interesting traffic

I am new to this. I am having the same issue with my CIPC. How do I configure interesting traffic on my ASA?

You need to configure your

You need to configure your VPN tunnel to pass traffic to the voice VLAN as well as the data VLAN. So the defaults are 192.168.10.0/24 and 10.1.1.0/24.

help

I am assuming that you do this by an access list.

Whatever IP you have

Whatever IP you have configured under telephony-service for "ip source-address 10.1.1.1 port 2000" is going to be the IP you need to enter as the TFTP server in IP Communicator. If you cannot ping that IP from your PC when the VPN is up, then it isn't going to work.

Cisco IP Communications Express Specialist

Hoover87 - this is not the

Hoover87 - this is not the case, because many people are using the default data side IP address. It works both ways, Andrew_ikon was using this IP address (data IP address), and could not do it. But this way he will be able to. Try it, it works both ways.

It makes more sense the way you mention, because that is the IP address of the SIP connection. But what I guess is many people don't really have to worry so much using the UC500 because it terminates the VPN connections and it knows how to route to both subnets.

In my case, I connected via a Cisco 3000 concentrator, and the internal routing was done on a layer 3 switch. So, I noticed that it was not communicating either way, until I added the routes properly. But either way it gets a little tricky sometimes.

Now the other unknown was the Vista laptop via VPN connection. Also his XP boxes were working for some weird reason. I asked him if he could PING the 10.1.1.1 and he said no... which in his case, is a routing issue at this time. I also proved out that using a Vista machine and Cisco VPN client, it does work, which was another unknown to both of us.

John
NIKTEK LLC

Here is the FIX!

Someone has already mentioned it above, but the Cisco IP Communicator has options you need to set. You have to RIGHT click on the Communicator application and go to preferences. Under the NIC card you must specify you are using a NIC card that is the VPN adapter. By default it will be on your Local NIC card. When using the VPN the Communicator needs this Cisco VPN adapter to be the default.

There may also be a few more issues. But you will have to be able to ping the IP address of the Phone System and also the CUE Module. It is normally at 10.1.1.1. It tries to register to PORT 2000 so if you type

NETSTAT -AN

On your PC, once connected and using the communicator - you will see your computer trying to connect to this IP address.

How are you VPN'ing in? Using the UC500 or another device like the VPN concentrator, PIX, ASA or other product? You must make sure you add a route in the VPN device for the network to your UC500 device and CUE network. If your UC500 was at 192.168.1.10 and your CUE was at 10.1.1.1... your VPN device would need the following routes below.

192.168.1.0 255.255.255.0 ---> 192.168.1.10
10.1.1.0 255.255.255.0 ---> 192.168.1.10

Tell me if this helps.

John
NIKTEK LLC

TFTP server interface.

What is the IP address of VLAN 100 that you are using as the TFTP server? When you are connected to the firewall, can the PC on the VPN ping this interface? It must be routable. Just curious, thanks.

Hi all,

Hi all,

Thank you for your ideas.

1) TFTP server I have configured on the UC500.
2) I correctly set the IP Communicator preferences to Cisco VPN with TFTP server.

But nothing happened, the IP phone is still registering - ONLY via VPN.
My PC in the LAN with IP 172.20.x.x talks normally with the UC500, only sw phones connected via VPN are still registering.

Is it possible to tell me some command on the UC500, like debug, to see the communication between the registering phone and the UC500?

Thanks all again,
Steve

Have you added the mac to

Have you added the MAC to the ephone? How many phones are already registered to the UC500... there is a limit. What do you see when you look at the log buffer?

Hi, limit is 48 phones. I

Hi,

The limit is 48 phones. I have 10 in all.
I am using only Cisco IP Communicator, so maybe I will try ephone.

Log buffer? Please write me a command.
Thank you

You need to specify the

You need to specify the address that is being used as the TFTP source on CME/UC500 in the TFTP server setting of the CIPC properties.

It doesn't matter which network interface you use, just make sure that whichever interface you use is the same MAC that is configured on the UC500 box for the ephone.

I would create a separate

I would create a separate subnet on the UC520 and assign it to VLAN 100. Make sure that network is accessible through the tunnel. That way there are no conflicts with the ASA subnet.

I had to use the IP address

I had to use the IP address of the CME for the TFTP server. In my case 10.1.10.1 in order to get my softphone to register.

Brian
www.jaydien.com

in the preferences on the

In the preferences on the IP Communicator, you have to choose what network interface you have to use. Using VPN, I think you have to choose the VPN interface to get the IP Communicator to work.

under the IPC, don't use the

Under the IPC, don't use the VPN interface for the SEP device name.

VPN clients tend to get the same MAC address.

Hi All, First post here but

Hi All,

First post here but been hanging around a while for general information & this is an ideal site to keep up to date with update notifications :)

This is our first CIPC configuration, and at the moment we are having issues getting the CIPC to register over a Client VPN terminating on an 877W, which is on the same VLAN as the UC500 (192.168.100.250 = UC500).

We are setting the MAC using CIPC - SEP000099998888 - have then run "create cnf" and we can register locally while on the LAN from both XP and Vista machines. Perfect - also much simpler than I thought it was going to be.

Once working remotely connected via VPN (with an IP address in 192.168.110.0/24), this is working without issue from an XP remote CIPC; however, we cannot get a Vista (SP1) based CIPC to register over the VPN. It will just sit there constantly registering, with intermittent errors of CLT failed to update, CLT failed to load, TFTP error etc.

We can ping the TFTP server without issue.

While we currently have a TAC case open with the APAC Theater we are wondering if anyone else has experienced issues with CIPC and Vista (SP1) over Client --> Site VPN.

Andrew, How are you

Andrew,

How are you connecting to the home network? Over VPN on hard wired NIC? Wireless NIC? Again, did you try to RIGHT click the Communicator screen and enter the TFTP address in there?

John
NIKTEK LLC

Hi John, Thanks for your

Hi John,

Thanks for your reply.

I'm connecting to the home network over Wireless to a Billion router. Home network range is 192.168.1.0.

The client VPN establishes from the laptop to the office (with a VPN Range of 192.168.110.0) and the UC500 sits on the network at work with an IP of 192.168.100.250.

I have modified the communicator settings, and set the SEP address to register to the correct ephone. It works fine from the office network on Vista but not remotely. The settings are exactly replicated from that of my XP Laptop, at home, over the VPN, using the same configuration which is working fine.

I can ping the UC500 from the laptop, I can CCA, Telnet and TFTP to / from the UC500 from my Vista laptop over the VPN.

When I connect the communicator at home over the VPN it sends the Vista network discovery for the VPN Interface into public from private, even though I have disabled the sharing etc on the options. I suspect this is the cause but I cannot work out how to totally disable the bloody thing.

Also you must change the NIC

Also you must change the NIC card you are using from the Vista's internal NIC to the VPN NIC card interface, then try the wireless interface. Did you do that? Open your Communicator and while it is searching, RIGHT CLICK on the Communicator window and go to preferences and then networks, and choose the Cisco VPN NIC card and wireless NIC card, try both. You have to do this part or it will not find your CME system. Also are you sure you have the MAC address correct in the CIPC settings?

Also you don't have to create and modify SEP settings to get this to work. What changes did you make?

I don't think it is the Vista location type of private vs. public... but maybe... I think that firewalls some communications...

Go to Control Panel\Network and Internet\Network and Sharing Center and click the customize button. Then you can change to PUBLIC or PRIVATE location type in Vista.

If you want I can remotely take over your Vista machine and take a look for you. You would have to send me an email and we can sync up on a time to look at it. I have Microsoft Live Meeting and can give you a connection URL. I like to help because it teaches me what might happen to my clients.

John
NIKTEK LLC

Hi There John, My

Hi There John,

My understanding, and the way I interpreted my original conversation with TAC, was that the MAC can be manually set to a "fake" MAC so that 1) you can connect from any PC and/or interface to ensure you register the correct EPHONE / CIPC config, and 2) I can be in the office, or at home, either wireless, LAN, VPN and not need to change the actual configuration on the router.

The windows XP machine has bound to the correct EPHONE, by manually setting the "use this device name" to SEP000099998888 - which is then matched in the CLI:
ephone 13
 device-security-mode none
 mac-address 0000.9999.8888
 type CIPC
 button 1o30,12 2o17,18,19,16 3o22,20,21,23 5:29

This part works as I would expect, with all testing, on the Windows XP machine. The vista machine however... just won't play ball! Unfortunately I do not have another Vista machine handy to test it out.

Regarding the CIPC and one way audio, I suspect this was in fact resolved in 2.1.3, which I have now downloaded and installed on the XP machine, and will test tomorrow morning when someone is in the office :)

I've shot you an email via the contact tab.

O.K. Andrew, I figured it

O.K. Andrew, I figured it out.... I loaded up a Vista machine SP1 and installed Communicator 2.1.3.0. I connected via VPN and it did not work. Just like you.

I typed NETSTAT -AN from a DOS prompt on the Vista machine and noticed the following connection trying to be made below. 192.168.1.150 is the IP address the VPN is giving my Vista machine. 10.1.1.1 is the UC500 voice VLAN.

"TCP 192.168.1.150:50214 10.1.1.1:2000 SYN_SENT"

I could not communicate with 10.1.1.1 from the Vista machine (PING etc). I had to go to each HOP that was routing on switches and routers involved in my network and set the proper routing to allow access to the 10.1.1.1 subnet from the VPN device. (I am using 3rd party layer 3 switches as default route at the office and a VPN concentrator, not just the UC500.) Once I set routing properly to BOTH the 10.1.10.X (already working) and 10.1.1.X networks, it worked.

Now a NETSTAT -AN produces this !! "ESTABLISHED"
TCP 192.168.1.150:50300 10.1.1.1:2000 ESTABLISHED

Now my Communicator came right up...

John
NIKTEK LLC

Could not make it work :(

Hi guys,
I did try the same thing. The UC500 is sitting behind a Cisco ADSL router (857). I am connecting to the internet via an ADSL connection as well. The VPN connection is terminated on the UC500 behind the Cisco ADSL router. I have set up the route on the Cisco ADSL router (the IP address for the TFTP server through to VLAN 1, where the UC500 is connected through to the switch of the router). I can see in netstat -an that it says SYN_SENT, but it does not get established.
Any ideas????
Thanks.

That worked a treat! I

That worked a treat! I suppose I disregarded that as an option owing to the fact that, somehow, my XP machines were having no issues registering.

I added the 10.1.1.0 0.0.0.255 to the interesting traffic for the VPN and now the Vista machine is registering.

Thanks for your additional assistance John. I have no explanation on the XP machine, but if we know this is what's required we will know for all future deployments to include it!

Have a good one mate!
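
The diagnosis this thread arrives at, as an added example that is not part of the original posts: a connection to port 2000 stuck in SYN_SENT is checked against the VPN's interesting-traffic entries to tell a missing tunnel subnet apart from a routing gap. The sample netstat lines, the sample ACL list and all function names are constructed for illustration.

```python
import ipaddress
import re

SCCP_PORT = 2000  # port CIPC registers to, per the thread

# Constructed sample: `netstat -an` lines in the format quoted in the thread.
SAMPLE_NETSTAT = """\
  TCP    192.168.1.150:50214    10.1.1.1:2000          SYN_SENT
  TCP    192.168.1.150:50101    10.1.10.5:445          ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
"""
# Constructed sample: interesting-traffic entries as "network wildcard"
# pairs, the notation used in the last post (10.1.1.0 0.0.0.255).
SAMPLE_TUNNEL_ACL = ["10.1.10.0 0.0.0.255"]

IPV4 = r"\d+\.\d+\.\d+\.\d+"
LINE_RE = re.compile(rf"^\s*TCP\s+{IPV4}:\d+\s+({IPV4}):(\d+)\s+(\S+)\s*$")

def wildcard_to_network(entry):
    """Convert an IOS-style 'network wildcard' pair to an IPv4Network."""
    net, wildcard = entry.split()
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # wildcard bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard: {entry}")
    base = int(ipaddress.IPv4Address(net)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def stalled_registrations(netstat_text, port=SCCP_PORT):
    """Destinations with a TCP connection to `port` stuck in SYN_SENT."""
    stalled = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group(2)) == port and m.group(3) == "SYN_SENT":
            stalled.append(ipaddress.IPv4Address(m.group(1)))
    return stalled

def diagnose(netstat_text, tunnel_acl):
    """Map each stalled destination to whether the tunnel ACL covers it."""
    networks = [wildcard_to_network(e) for e in tunnel_acl]
    return {str(ip): any(ip in n for n in networks)
            for ip in stalled_registrations(netstat_text)}

if __name__ == "__main__":
    for ip, covered in diagnose(SAMPLE_NETSTAT, SAMPLE_TUNNEL_ACL).items():
        hint = ("in tunnel ACL: check routes on each hop back to the VPN pool"
                if covered else "missing from tunnel ACL: add its subnet")
        print(f"{ip}:{SCCP_PORT} SYN_SENT -> {hint}")
```

Listing only the voice and data subnets the softphone needs keeps the tunnel scoped to what the phone system requires.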
