[cisco-voip] ASA Phone-Proxy, CUCM 7.1(5b)SU4, and 7921/7925

Wes Sisk wsisk at cisco.com
Wed Mar 28 16:40:16 EDT 2012 

CUCM upgrade almost always necessitates ASA upgrade when doing proxy or inspection.

/wes

On Mar 28, 2012, at 4:35 PM, c3voip wrote:

After more careful review of the captures from the outside and inside simultaneously, it appears that the ASA is failing to forward some ACK’s that the phone is sending.
 
1.       The phone requests Ringlist.xml and CUCM sends block 1 and the ASA ACK’s it
2.       CUCM sends block 2 (last block) to the ASA, but ASA does not ACK that one
3.       ASA then sends block 1 to phone, and phone ACK’s it
4.       ASA then sends block 2 to phone, and phone ACK’s it
5.       ASA never sends ACK for block 2
 
CUCM continues to try to send the last block but neither the phone nor the ASA ever ACK it.
 
This happens similarly for DistinctiveRinglist.xml too.
 
It looks like CUCM tries to resend the last 2 blocks for these 2 files while the phone is in the middle of requesting WLAN-1.4.1SR1.SBN.  Not sure how the phone handles that, but it continues to ask for WLAN-1.4.1SR1.SBN 4 more times after that then stops asking.
 
Looks like I’ll be opening a TAC case.
 
Something must have changed with these 2 Ringlist.xml files that is causing issues with the ASA Phone-proxy feature, since nothing changed on the ASA side.
 
-C
 
From: Ryan Ratliff [mailto:rratliff at cisco.com] 
Sent: Tuesday, March 27, 2012 4:21 PM
To: c3voip
Cc: 'Wes Sisk'; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] ASA Phone-Proxy, CUCM 7.1(5b)SU4, and 7921/7925
 
Does a packet capture on the outside ASA interface show the phone sending the Acks or that the data is getting out to the phone even?   
 
-Ryan
 
On Mar 27, 2012, at 3:39 PM, c3voip wrote:


It is just stops seeing ACK’s come back.
 
Socket[35] Async IO started successfully|<CLID::CCM1-Cluster><NID::TFTP><LVL::Significant><MASK::0004>
No ACK, Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] Expecting block[359] Retrying [1] times...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
No ACK, Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] Expecting block[359] Retrying [2] times...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
No ACK, Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] Expecting block[359] Retrying [3] times...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
No ACK, Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] Expecting block[359] Retrying [4] times...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
No ACK, Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] Expecting block[359] Retrying [5] times...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
No ACK, Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] Expecting block[359] Retrying [6] times...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
No ACK, Closing Socket[35] Serving File[TNUXH-1.4.1SR1.SBN] After[6]retries...|<CLID:: CCM1-Cluster><NID::TFTP><LVL::Detailed><MASK::0004>
 
It is almost like it is the phone that stops communicating, but I have tried all of the versions of firmware for these wifi phones and they are all the same.
 
-C
 
From: Wes Sisk [mailto:wsisk at cisco.com] 
Sent: Tuesday, March 27, 2012 1:13 PM
To: c3voip
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] ASA Phone-Proxy, CUCM 7.1(5b)SU4, and 7921/7925
 
sounds like a timing issue.  historically when turning on debugs works around a problem the underlying reason is that debugs slow down processing sufficiently to mask the race condition.
 
one tidbit does come to mind here - tftp retransmits.  The tftp server on cucm has very limited retransmits, like maybe one.
 
when TFTP fails what do debugs, packet captures, or ccm TFTP server traces show?
 
/wes
 
On Mar 26, 2012, at 2:36 PM, c3voip wrote:



I have upgraded from CUCM 7.1(2a) to CUCM 7.1(5b)SU4 without any issues, but now I am having issues loading firmware to my 7921 and 7925 wifi phones through my ASA5520 with the Phone Proxy feature. 
 
Here comes the curveball, if I turn on phone-proxy tftp debugs on the ASA everything works normally, but nothing has changed on the ASA so why should this allow tftp to work?
 
I have taken packet captures from both sides of the ASA, without the debug turned on, and the wifi phone just looks like it stops ACK’ing the tftp packets.
 
 
Does anyone else have a setup similar to mine or has anyone experienced anything like this?
 
Thanks,
-C
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
 
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120328/0a1df632/attachment.html>

More information about the cisco-voip mailing list