[cisco-voip] SEP.cnf.xml with VPN phone/config

Peter Slow peter.slow at gmail.com
Mon Mar 7 12:41:53 EST 2011


SIP on those phones is basically proprietary in the first place -
Forgive my ignorance, but has there been any decent amount of success
getting newer phones to work with your 3rd party SIP solution
_without_ there being a VPN involved in the first place?

On Mon, Mar 7, 2011 at 12:21 PM, Jared Mauch <jared at puck.nether.net> wrote:
> The 7970, 7965, 7975 lack the natreceivedprocessing support that exist in the 7940/7960 firmware.
>
> I can share some pcaps with you, but what happens is the phone does not see the replies from the SIP proxy, or does not associate them during the SIP register replies.
>
> - Jared
>
> On Mar 7, 2011, at 12:19 PM, Ryan Ratliff wrote:
>
>> I'm curious what makes you feel the phones are horrible at nat traversal.  Is there a particular behavior they do or are not doing that could improve behavior with NAT?
>>
>> The built-in VPN for the phones is very much tied into the provisioning they get from CUCM.  I don't believe you are going to get very far trying to do it without one, but I'm sure the community would be interested in seeing how you do.
>>
>> -Ryan
>>
>> On Mar 7, 2011, at 10:16 AM, Jared Mauch wrote:
>>
>> I'm looking to use a 3rd party SIP solution and VPN system and wanted to try to make it work while we wait for our CM to ship.
>>
>> The java/cnu based phones are horrible at nat traversal and I want to run a PPTP or other vpn solution actually on the IP PBX so the phones can work around the broken nat.  If someone from Cisco wants to contact me off-list (we have TAC support, so I can open a case as well) I'd be happy to work with you to help solve these defects.
>>
>> I'm working with the 7965 and 7975 phones.  To have VPN support one needs to run the 9.X firmware.
>>
>> (Still waiting on my CM to ship -- send me ~30 phones and no CM and i'll make it work with our existing IP PBX :).
>>
>> - Jared
>>
>> On Mar 7, 2011, at 10:12 AM, Scott Voll wrote:
>>
>>> What version of ASA / CM are you using?
>>>
>>> I think this is only supported if you have at least ASA FOS 8.2 or 8.3 (I can't remember) AND CM 8.X
>>>
>>> In the past, I have used a ASA 5505 with a Site to Site VPN and used the PoE ports to power the Phone.  Worked very well and with the cost of a ASA 5505 as low as it is..... It might be a good option.
>>>
>>> YMMV
>>>
>>> Scott
>>>
>>> On Fri, Mar 4, 2011 at 4:18 PM, Jared Mauch <jared at puck.nether.net> wrote:
>>> Can someone please send me a copy of your config file that is using the VPN for a home user?  I'd like to compare these settings to what I am trying to do here.
>>>
>>> I would really appreciate it.  You can obfuscate any IP/Name/password configs you want.
>>>
>>> Bonus if you are using something like PPTP with a 7965 or 7975 and SIP.
>>>
>>> Much appreciated!
>>>
>>> - Jared Mauch
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>



More information about the cisco-voip mailing list