[cisco-voip] Fortinet SSL VPN UCCX

Dan Mason dmason at winxnet.com
Mon Jan 30 12:03:44 EST 2017


Any seen issues with SSL VPN users running CAD/Supervisor over a Fortigate VPN connection?  Im seeing traffic both ways on correct ports but chat/agent summary isn't working from the Supervisor client.

FortiOS:  5.2.10
CCX 9.0.2




-----Original Message-----
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of cisco-voip-request at puck.nether.net
Sent: Monday, January 30, 2017 12:00 PM
To: cisco-voip at puck.nether.net
Subject: cisco-voip Digest, Vol 159, Issue 23

Send cisco-voip mailing list submissions to
cisco-voip at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dvoip&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=2HkddNJbwwI1cy0dMLfAXUTCWj_CAjSqdJf2rxHGHXc&e=
or, via email, send a message with subject or body 'help' to
cisco-voip-request at puck.nether.net

You can reach the person managing the list at
cisco-voip-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific than "Re: Contents of cisco-voip digest..."


Today's Topics:

   1. Cluster setup with 2 Subs - Sub 2 did not pick up the load.
      (Gary_Bates_Command_Solutions)
   2. Re: Cluster setup with 2 Subs - Sub 2 did not pick up the
      load. (Bernhard Albler)
   3. Re: Cluster setup with 2 Subs - Sub 2 did not pick up the
      load. (Nathan Reeves)
   4. Re: Cluster setup with 2 Subs - Sub 2 did not pick up the
      load. (Ryan Huff)


----------------------------------------------------------------------

Message: 1
Date: Mon, 30 Jan 2017 17:52:38 +1100
From: "Gary_Bates_Command_Solutions" <gbates at commandsolutions.com.au>
To: "'Cisco VoIP List'" <cisco-voip at puck.nether.net>
Subject: [cisco-voip] Cluster setup with 2 Subs - Sub 2 did not pick
up the load.
Message-ID: <029901d27ac5$724d9a00$56e8ce00$@commandsolutions.com.au>
Content-Type: text/plain; charset="us-ascii"

My client had an issue where the 2nd sub did not register any phones when the Pub and primary Sub failed.



This is a 1500 seat call centre so it caused a massive problem.



All phones have the IP addresses of both subs in their TFTP server lists.
Network routing confirmed ok. Call Manager / TFTP service running on both Subs. DB replication status good.



Could someone confirm that if Pub / Sub 1 go down, Sub 2 should allow phone/ device registration and calls to still work ?



Regards



 Gary Bates

 Voice and Network Specialist

 CCIE #53842







 Mobile 0424 229 995 ( + 61 424 229995 )

 Email:  <mailto:garycomsolutions at iprimus.com.au>
gbates at commandsolutions.com.au



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_4df99885_attachment-2D0001.html&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=tXU-e7ICPeiHxlnABnOWEDiUC8TRpfN1SwEAKKIqVEo&e= >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2737 bytes
Desc: not available
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_4df99885_attachment-2D0001.jpg&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=gLyYeCMMGK-dx6nsyfoY5LqBCEjSvh6mfxAO20VZew0&e= >

------------------------------

Message: 2
Date: Mon, 30 Jan 2017 08:14:25 +0100
From: Bernhard Albler <https://urldefense.proofpoint.com/v2/url?u=http-3A__bernhard.albler-40gmail.com&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=QwrZDORfn-W-ym7FY4CO0jje-o3GorUtfUorQIsFYag&e= >
To: Gary_Bates_Command_Solutions <gbates at commandsolutions.com.au>
Cc: Cisco VoIP List <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Cluster setup with 2 Subs - Sub 2 did not
pick up the load.
Message-ID:
<CADiisv0erfDk-J8ti=h+o8MASxwZjB=Xh4rnbrpscDCgZ+2XwQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Gary,
You mention TFTP List: Do you mean the TFTP as assigned from DHCP (Option
150) or the CallManager Group in UCM?
Registration Failover is exclusively controlled by the callmanager group This should work, check 1.)Callmanager group assignment in UCM 2.)Do the phones pick up the config (Check phone log for tftp errors) 3.)Check phone config via the phone web page (do you see all call control hosts assigned there)

On Mon, Jan 30, 2017 at 7:52 AM, Gary_Bates_Command_Solutions < gbates at commandsolutions.com.au> wrote:

> My client had an issue where the 2nd sub did not register any phones
> when the Pub and primary Sub failed.
>
>
>
> This is a 1500 seat call centre so it caused a massive problem.
>
>
>
> All phones have the IP addresses of both subs in their TFTP server lists.
> Network routing confirmed ok. Call Manager / TFTP service running on
> both Subs. DB replication status good.
>
>
>
> Could someone confirm that if Pub / Sub 1 go down, Sub 2 should allow
> phone/ device registration and calls to still work ?
>
>
>
> Regards
>
>
>
> * Gary Bates*
>
> * Voice and Network Specialist *
>
> * CCIE #53842*
>
>
>
> [image: cid:image001.jpg at 01CC9F93.487A1130]
>
>
>
>  Mobile 0424 229 995 ( + 61 424 229995 <+61%20424%20229%20995> )
>
>  Email: gbates at commandsolutions.com.au
> <garycomsolutions at iprimus.com.au>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_m
> ailman_listinfo_cisco-2Dvoip&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5
> A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbt
> N2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=2HkddNJbwwI1cy0dMLfAXUTCWj_CAjSq
> dJf2rxHGHXc&e=
>
>


--
Bernhard Albler, +4369917207384
--
"Was Nachwelt! Wie komm' ich dazu was f?r die Nachwelt zu tun? Was hat denn die Nachwelt f?r mich getan?"
--Carl Friedrich Zelter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_0aa92c30_attachment-2D0001.html&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=nO5BJFUF2LrJN9gFbWzxBayYN23cIwxoU7ZwKPtALDc&e= >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2737 bytes
Desc: not available
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_0aa92c30_attachment-2D0001.jpg&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=qFrcGe2qu4b2yD0euAYpKjy5iIJbHXjLDoUyCDMxtqc&e= >

------------------------------

Message: 3
Date: Mon, 30 Jan 2017 15:15:22 +0800
From: Nathan Reeves <https://urldefense.proofpoint.com/v2/url?u=http-3A__nathan.a.reeves-40gmail.com&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=g1ERqeaiEwCm31QH0X3E5IjdhCXwUdgUYw8q_GYhxfU&e= >
To: Gary_Bates_Command_Solutions <gbates at commandsolutions.com.au>
Cc: Cisco VoIP List <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Cluster setup with 2 Subs - Sub 2 did not
pick up the load.
Message-ID:
<CAFi9pDpDUKGOCU7gekLLOw=Eesw21QuND17yNQZXLva9SegDKQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Which Servers are included in the Server Group which is selected in the Device Pool assigned to the Phones?  When you mention 'TFTP Server lists', I'm assuming you mean the IP Addresses included in DHCP Option 150?  This is seperate to the CUCM Servers that are pushed to the phones.

But assuming all servers are included in the CUCM Server Group assigned to the Device Pool, the phones should have failed over upon loss of communication with their primary (and possibly) secondary CUCM Server.

Take a look at the web page of a phone and under the 'Network Setup' page, see what are set for 'Unified CM 1', 'Unified CM 2' and 'Unified CM 3' are.

On Mon, Jan 30, 2017 at 2:52 PM, Gary_Bates_Command_Solutions < gbates at commandsolutions.com.au> wrote:

> My client had an issue where the 2nd sub did not register any phones
> when the Pub and primary Sub failed.
>
>
>
> This is a 1500 seat call centre so it caused a massive problem.
>
>
>
> All phones have the IP addresses of both subs in their TFTP server lists.
> Network routing confirmed ok. Call Manager / TFTP service running on
> both Subs. DB replication status good.
>
>
>
> Could someone confirm that if Pub / Sub 1 go down, Sub 2 should allow
> phone/ device registration and calls to still work ?
>
>
>
> Regards
>
>
>
> * Gary Bates*
>
> * Voice and Network Specialist *
>
> * CCIE #53842*
>
>
>
> [image: cid:image001.jpg at 01CC9F93.487A1130]
>
>
>
>  Mobile 0424 229 995 ( + 61 424 229995 <+61%20424%20229%20995> )
>
>  Email: gbates at commandsolutions.com.au
> <garycomsolutions at iprimus.com.au>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_m
> ailman_listinfo_cisco-2Dvoip&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5
> A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbt
> N2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=2HkddNJbwwI1cy0dMLfAXUTCWj_CAjSq
> dJf2rxHGHXc&e=
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_434a015a_attachment-2D0001.html&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=pjl_ajGJ0YkyFXViul4P_FvNElm2CSbyaCVzyMm-IdM&e= >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2737 bytes
Desc: not available
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_434a015a_attachment-2D0001.jpg&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=6wZ07_l3DlFt45lU8RX0j_s0cIZN_xA_CinEjGWL_Uo&e= >

------------------------------

Message: 4
Date: Mon, 30 Jan 2017 12:42:08 +0000
From: Ryan Huff <ryanhuff at outlook.com>
To: Nathan Reeves <https://urldefense.proofpoint.com/v2/url?u=http-3A__nathan.a.reeves-40gmail.com&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=g1ERqeaiEwCm31QH0X3E5IjdhCXwUdgUYw8q_GYhxfU&e= >
Cc: Gary_Bates_Command_Solutions <gbates at commandsolutions.com.au>,
"Cisco VoIP List" <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Cluster setup with 2 Subs - Sub 2 did not
pick up the load.
Message-ID:
<BLUPR18MB0482F8C075375F9EAB7042EEC54B0 at BLUPR18MB0482.namprd18.prod.outlook.com>

Content-Type: text/plain; charset="us-ascii"

I realize you mentioned the IP addresses of the communications manager servers were listed in the phone's trust list however; keep in mind that if DNS/FQDNs are being used, the phones will also have to be able to resolve those FQDNs (otherwise, you'd likely experience something very similar to this).

If you have verified from the individual phone, that all registerable nodes are listed in the trust list, verify those nodes are also in the CM Server Group.

You might also check on this server node that did not except phone registrations, that CM services and TFTP services are enabled.

-Ryan

On Jan 30, 2017, at 2:15 AM, Nathan Reeves <https://urldefense.proofpoint.com/v2/url?u=http-3A__nathan.a.re&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=Jp42AuOwhhl5oyjyWhPW3VoDQoRc6CuevuZaQSraPLg&e= eves at gmail.com<mailto:nathan.a.reeves at gmail.com>> wrote:

Which Servers are included in the Server Group which is selected in the Device Pool assigned to the Phones?  When you mention 'TFTP Server lists', I'm assuming you mean the IP Addresses included in DHCP Option 150?  This is seperate to the CUCM Servers that are pushed to the phones.

But assuming all servers are included in the CUCM Server Group assigned to the Device Pool, the phones should have failed over upon loss of communication with their primary (and possibly) secondary CUCM Server.

Take a look at the web page of a phone and under the 'Network Setup' page, see what are set for 'Unified CM 1', 'Unified CM 2' and 'Unified CM 3' are.

On Mon, Jan 30, 2017 at 2:52 PM, Gary_Bates_Command_Solutions <gbates at commandsolutions.com.au<mailto:gbates at commandsolutions.com.au>> wrote:
My client had an issue where the 2nd sub did not register any phones when the Pub and primary Sub failed.

This is a 1500 seat call centre so it caused a massive problem.

All phones have the IP addresses of both subs in their TFTP server lists. Network routing confirmed ok. Call Manager / TFTP service running on both Subs. DB replication status good.

Could someone confirm that if Pub / Sub 1 go down, Sub 2 should allow phone/ device registration and calls to still work ?

Regards

 Gary Bates
 Voice and Network Specialist
 CCIE #53842

[cid:image001.jpg at 01CC9F93.487A1130]

 Mobile 0424 229 995 ( + 61 424 229995<tel:+61%20424%20229%20995> )
 Email: gbates at commandsolutions.com.au<mailto:garycomsolutions at iprimus.com.au>


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dvoip&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=2HkddNJbwwI1cy0dMLfAXUTCWj_CAjSqdJf2rxHGHXc&e=


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dvoip&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=2HkddNJbwwI1cy0dMLfAXUTCWj_CAjSqdJf2rxHGHXc&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_c31033c3_attachment-2D0001.html&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=NWZnhd9zeKY2QIBNxyXMMR0b4WIl_wh7mf2SFyMHzJ4&e= >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2737 bytes
Desc: image001.jpg
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_c31033c3_attachment-2D0002.jpg&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=FOYp7iN9jj39k18x5BnSk2m-bBb0IUX6ZdFeKXr5pNI&e= >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2737 bytes
Desc: image001.jpg
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_pipermail_cisco-2Dvoip_attachments_20170130_c31033c3_attachment-2D0003.jpg&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=_CrPVlPAtoRm1rCUS9XlQs2s1v9RZhtztlTzIYo7268&e= >

------------------------------

Subject: Digest Footer

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dvoip&d=DQICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=__J_mRWed6v-NS1wLqgaOEJvgtKOvHgszu8ypqZazE4&m=z6fImVbtN2c9ujgHPpC6fLJOn9Vvg4xcIKszGENUahw&s=2HkddNJbwwI1cy0dMLfAXUTCWj_CAjSqdJf2rxHGHXc&e=


------------------------------

End of cisco-voip Digest, Vol 159, Issue 23
*******************************************

________________________________

This E-mail and any of its attachments may contain Winxnet, Inc. proprietary information, which is privileged, confidential, or subject to copyright belonging to Winxnet, Inc.. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.


More information about the cisco-voip mailing list