[cisco-voip] phone hardware / LSC question - 8945

Brian Meade (brmeade) brmeade at cisco.com
Fri Nov 1 14:37:28 EDT 2013


Erick,

I've seen it happen before.  You could just try pinging the TFTP address from a PC on the same LAN and seeing what kind of response you get.  If it's anything other than "Request timed out." responses, you may have a problem with that.  There's no knowledge base of routers that work well with this feature unfortunately.

Yea, that should work if these phones are always going to be at home and not brought into the office.

Some phone models such as the Cius have more intelligent Auto Network Detect algorithms where it tries to connect to CUCM via HTTP instead rather than using ping.

Brian

From: Erick Wellnitz [mailto:ewellnitzvoip at gmail.com]
Sent: Friday, November 01, 2013 2:32 PM
To: Brian Meade (brmeade)
Cc: cisco-voip
Subject: Re: [cisco-voip] phone hardware / LSC question - 8945

Ok, I just had an 'a-ha' moment.

If I turn off auto network detect and set the VPN setting in the phone to 'On' it will always connect, provided it can reach the internet and the ASA is reachable.  No proxy arp problems and no worries about the user's home network.

On Fri, Nov 1, 2013 at 12:50 PM, Erick Wellnitz <ewellnitzvoip at gmail.com<mailto:ewellnitzvoip at gmail.com>> wrote:
Auto Network Detect is indeed enabled.  According to the following link, the phone pings the TFTP server.  If there is no response the phone should initiate the VPN connection.  I'm not very familiar with proxy arp so does that mean the router would respond to pings to my TFTP server?

Alternate TFTP is also set.

The problem with turning off Auto Network Detect is that many of the intended users of the phone vpn are non-technical so it needs to be plug and play.  Is there a knowledge base of some of the routers that work well with phone VPN?



On Fri, Nov 1, 2013 at 8:32 AM, Brian Meade (brmeade) <brmeade at cisco.com<mailto:brmeade at cisco.com>> wrote:
Erick,

That should be the only way the CAPF.pem is able to be regenerated.

Do you have Auto Network Detect enabled on the VPN profile?  If so, you might want to try creating a new profile for that user with it turned off.  Auto Network Detect doesn't work well with some home routers due to proxy ARP.  Do you have the Alternate TFTP hard set on the phone as well?

Brian

From: Erick Wellnitz [mailto:ewellnitzvoip at gmail.com<mailto:ewellnitzvoip at gmail.com>]
Sent: Thursday, October 31, 2013 6:01 PM
To: Brian Meade (brmeade)
Cc: cisco-voip
Subject: Re: [cisco-voip] phone hardware / LSC question - 8945

LSC shows as installed.  The VPN wouldn't even try to connect and it wouldn't allow us to turn VP Non in the settings.  Nothing had changed prior to when it stopped working.

The only way CAPF.pem would get regenerated is by doing so through certificate management, correct?

On Thu, Oct 31, 2013 at 4:50 PM, Brian Meade (brmeade) <brmeade at cisco.com<mailto:brmeade at cisco.com>> wrote:
It should be saved on the built-in flash just like the MIC.  Does the phone show the LSC as being installed?

The console logs are really good for VPN issues.  It should print out exactly why the VPN connection is failing with the new LSC.  Has your CAPF.pem been regenerated on the publisher since the last time you issued phone VPN LSCs?

Brian
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Erick Wellnitz
Sent: Thursday, October 31, 2013 5:16 PM
To: cisco-voip
Subject: [cisco-voip] phone hardware / LSC question - 8945

Phone hardware question.  Does the LSC get stored somewhere other than the same place the firmware image gets stored on the phone?

The reason I ask is we had a VPN phone lose power a few days back (probably not connected to a surge protector).  Had the user bring the phone into the office to reinstall the LSC and it still could not connect to the VPN.

Anyone ever encountered something like this?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131101/37eeac46/attachment.html>


More information about the cisco-voip mailing list