[cisco-voip] strange phone VPN issue after CUCM upgrade
Erick Wellnitz
ewellnitzvoip at gmail.com
Fri Nov 8 16:36:21 EST 2013
Hold on...
We're doing the anyconnect phone VPN, not phone proxy. I didn't look
closely at the document.
Here is the document we followed.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080bef910.shtml
I may have one or two more phones with the issue. I'll see if I can get
one back to look at the logs.
On Fri, Nov 8, 2013 at 3:05 PM, Ryan Ratliff (rratliff)
<rratliff at cisco.com>wrote:
> Ok, so did you see what the expiration on the old LSC was? That's the
> most common reason for this to get borked. The cert exchange is only
> between the phone and ASA so a UCM upgrade shouldn't have anything to do
> with it.
>
> -Ryan
>
> On Nov 8, 2013, at 3:36 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:
>
> That is exactly what we followed.
>
>
> On Fri, Nov 8, 2013 at 2:13 PM, Ryan Ratliff (rratliff) <
> rratliff at cisco.com> wrote:
>
>> This is the process I was referring to.
>> https://supportforums.cisco.com/docs/DOC-12963
>>
>> One way let's you provision LSCs for remote phones. The other requires
>> you to bring them into the network.
>>
>> -Ryan
>>
>> On Nov 8, 2013, at 2:34 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
>> wrote:
>>
>> The only way we could get it working at all was by using the CAPF
>> settings on the phone config page.
>>
>> If there is a better way or a more stable way, I'd rather do that.
>>
>>
>> On Fri, Nov 8, 2013 at 1:19 PM, Ryan Ratliff (rratliff) <
>> rratliff at cisco.com> wrote:
>>
>>> Did you create the LSC from the ASA or from UCM CAPF?
>>>
>>> Any debugs you saved from the ASA (or phone) indicating why the cert
>>> wasn't working?
>>>
>>> -Ryan
>>>
>>> On Nov 8, 2013, at 10:59 AM, Erick Wellnitz <ewellnitzvoip at gmail.com>
>>> wrote:
>>>
>>> I found something kind of odd with the phone VPN. After upgrade, I had
>>> to update the LSC on all VPN phones.
>>>
>>> I wouldn't think anything with the LSC would have changed but the phones
>>> wouldn't connect without an update.
>>>
>>> If this is expected then I'm thinking it is a deal-breaker on using
>>> phone VPN.
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131108/5ba5be87/attachment.html>
More information about the cisco-voip
mailing list