[cisco-voip] phone hardware / LSC question - 8945

Erick Wellnitz ewellnitzvoip at gmail.com
Fri Nov 1 14:31:39 EDT 2013


Ok, I just had an 'a-ha' moment.

If I turn off auto network detect and set the VPN setting in the phone to
'On' it will always connect, provided it can reach the internet and the ASA
is reachable.  No proxy arp problems and no worries about the user's home
network.


On Fri, Nov 1, 2013 at 12:50 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>wrote:

> Auto Network Detect is indeed enabled.  According to the following link,
> the phone pings the TFTP server.  If there is no response the phone should
> initiate the VPN connection.  I'm not very familiar with proxy arp so does
> that mean the router would respond to pings to my TFTP server?
>
> Alternate TFTP is also set.
>
> The problem with turning off Auto Network Detect is that many of the
> intended users of the phone vpn are non-technical so it needs to be plug
> and play.  Is there a knowledge base of some of the routers that work well
> with phone VPN?
>
>
>
>
> On Fri, Nov 1, 2013 at 8:32 AM, Brian Meade (brmeade) <brmeade at cisco.com>wrote:
>
>>  Erick,****
>>
>> ** **
>>
>> That should be the only way the CAPF.pem is able to be regenerated.****
>>
>> ** **
>>
>> Do you have Auto Network Detect enabled on the VPN profile?  If so, you
>> might want to try creating a new profile for that user with it turned off.
>> Auto Network Detect doesn’t work well with some home routers due to proxy
>> ARP.  Do you have the Alternate TFTP hard set on the phone as well?****
>>
>> ** **
>>
>> Brian****
>>
>> ** **
>>
>> *From:* Erick Wellnitz [mailto:ewellnitzvoip at gmail.com]
>> *Sent:* Thursday, October 31, 2013 6:01 PM
>> *To:* Brian Meade (brmeade)
>> *Cc:* cisco-voip
>> *Subject:* Re: [cisco-voip] phone hardware / LSC question - 8945****
>>
>> ** **
>>
>> LSC shows as installed.  The VPN wouldn't even try to connect and it
>> wouldn't allow us to turn VP Non in the settings.  Nothing had changed
>> prior to when it stopped working.****
>>
>>  ****
>>
>> The only way CAPF.pem would get regenerated is by doing so through
>> certificate management, correct?****
>>
>> ** **
>>
>> On Thu, Oct 31, 2013 at 4:50 PM, Brian Meade (brmeade) <brmeade at cisco.com>
>> wrote:****
>>
>> It should be saved on the built-in flash just like the MIC.  Does the
>> phone show the LSC as being installed?  ****
>>
>>  ****
>>
>> The console logs are really good for VPN issues.  It should print out
>> exactly why the VPN connection is failing with the new LSC.  Has your
>> CAPF.pem been regenerated on the publisher since the last time you issued
>> phone VPN LSCs?****
>>
>>  ****
>>
>> Brian****
>>
>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>> Behalf Of *Erick Wellnitz
>> *Sent:* Thursday, October 31, 2013 5:16 PM
>> *To:* cisco-voip
>> *Subject:* [cisco-voip] phone hardware / LSC question - 8945****
>>
>>  ****
>>
>> Phone hardware question.  Does the LSC get stored somewhere other than
>> the same place the firmware image gets stored on the phone?****
>>
>>  ****
>>
>> The reason I ask is we had a VPN phone lose power a few days back
>> (probably not connected to a surge protector).  Had the user bring the
>> phone into the office to reinstall the LSC and it still could not connect
>> to the VPN.****
>>
>>  ****
>>
>> Anyone ever encountered something like this?****
>>
>> ** **
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131101/5a25a206/attachment.html>


More information about the cisco-voip mailing list