Compguy209


Cisco VOIP VPN RV042

I currently have a UC520 at the office with 3 phones and the PSTN lines coming into it. I have two RV042 routers set up with a VPN between the office and my home. I can't get my phones to register with the UC520 from the house. Basically I have an RV042 at each site with a VPN set up, and I can ping, VNC, RDP, etc. into PCs from one site to another. I can't for the life of me figure out how to get the phones to register with the UC520 from the house to the office across the VPN. Is this the correct way of going about it? Should I just use one RV042 and VPN directly into the UC520? Can I leave the current VPN in place with the two RV042s and get the phones to work across the VPN to the UC520? Looking for some insight and help.
Thanks for your time.
SkykingOH

Are the phones trying to register to a central server?  It needs to have a route to each of the remote networks.

If this is an Asterisk based system you need to use the "localnet" setting to tell Asterisk not to NAT the VPN traffic.

The phones also have to have the VPN router as the gateway.

Compguy209

ASKER

Basically, right now it's UC520 --> RV042 --> WAN --> RV042 --> Phones.
I had routes added to point to the gateways on either side but could not get the phones to register.
We need to start with the basics:

1 - What device is doing DHCP on the remote end (it needs to send the boot server IP so the phones know how to find the UCM).

2 - Are the phones getting an IP address?

3 - Are the phones pulling a config from the UC?

4 - Can the UC ping the phones?

Remote side has Server 2003 SBS Premium with a DHCP scope with option 066 set to the UC520 IP.
Phones are getting an IP address.
I'm getting a timeout error in the phone logs when it goes to pull the config.
UC can ping the phones from the CLI.
Les Moore
You need to set DHCP option 150 for the IP address of the UC520, not option 66.
Make sure the telephony service source IP is part of the VPN tunnel.
You can use option 66 if you have a single IP or option 150 for multiple IPs. That is not the issue.
To quote Cisco: "A valid TFTP server must be set in DHCP option 150 or option 66 on the DHCP server."
From the network the phones are in, if you connect a PC, can you tftp 'get' a file?

This is what I currently see on the phone:
DHCP Server  192.168.2.250
BOOTP Server  No
MAC Address  B4A4E3D6A2F1
Host Name  SEPB4A4E3D6A2F1
Domain Name  removed*
IP Address  192.168.2.103
Subnet Mask  255.255.255.0
TFTP Server 1  10.1.1.1
Default Router 1  192.168.2.1
This is the log from the phone:
9:52:40a Error Updating Locale
 9:52:40a Error Updating Locale
 9:51:55a No CTL installed
 9:52:15a No CTL installed
 9:52:36a TFTP Timeout : SEPB4A4E3D6A2F1.cnf.xml
 2:25:29p TFTP Timeout : SEPB4A4E3D6A2F1.cnf.xml
 2:25:29p DHCPv6 Timeout
 2:26:44p No CTL installed
 2:27:04p TFTP Timeout : SEPB4A4E3D6A2F1.cnf.xml
 2:27:05p DHCPv6 Timeout
So I'm guessing the issue is the phone can't get the config from the UC520 TFTP server across the VPN.
Is 10.1.1.1 the address of the UC?

You did not answer my question, can you tftp 'get' from a PC in the 192.168.2.0/24 network a file?  Try  to 'get' SEPB4A4E3D6A2F1.cnf.xml

The filename is case sensitive.

 
 
What's the command structure to use the tftp command from DOS? tftp host 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml ???
DOS?  You mean windows command line?

I just googled and it looks like XP has a tftp client, Win 7 does not.  

According to the docs:

'tftp -i 10.1.1.1 get  SEPB4A4E3D6A2F1.cnf.xml'  should work.

You did not answer my question, is 10.1.1.1 the address of the UC ?




Yes, 10.1.1.1 is the IP of the UC and I can ping it from computers on either side of the VPN.
I can't use
tftp -i 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml
from PCs on either side of the VPN.
What do you mean can't use?

Do you mean the command does not exist on your windows version or it times out?

You can use any tftp client for this test.  
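
An added example, not part of the original thread: a minimal Python probe for the TFTP test described above, for a PC that has no tftp client. It sends one RFC 1350 read request and reports whether the server answered with data, with an error, or not at all; the function names and the 5-second timeout are assumptions of this example.

```python
import socket
import struct

TFTP_PORT = 69
OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5

def build_rrq(filename, mode="octet"):
    """RFC 1350 read request: opcode 1, filename, NUL, mode, NUL."""
    return (struct.pack("!H", OP_RRQ) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")

def parse_reply(packet):
    """Classify the first packet a TFTP server sends back."""
    if len(packet) < 4:
        return ("malformed", None)
    opcode, value = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:      # value is the block number
        return ("data", f"block {value}, {len(packet) - 4} bytes")
    if opcode == OP_ERROR:     # value is the error code, then a NUL-ended message
        msg = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return ("error", f"code {value}: {msg}")
    return ("unexpected", f"opcode {opcode}")

def probe(server, filename, timeout=5.0, port=TFTP_PORT):
    """Send one read request and report data / error / timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (server, port))
        try:
            # The server answers from a new ephemeral port, not port 69,
            # so the socket is left unconnected to accept that reply.
            packet, _peer = sock.recvfrom(2048)
        except socket.timeout:
            # Nothing came back: the request or the reply was dropped
            # (missing route on either side, or filtered UDP).
            return ("timeout", None)
        except OSError as exc:  # e.g. ICMP port unreachable reported by the OS
            return ("unreachable", str(exc))
    return parse_reply(packet)

if __name__ == "__main__":
    # Address and file name as quoted in the thread; the name is case sensitive.
    print(probe("10.1.1.1", "SEPB4A4E3D6A2F1.cnf.xml"))
```

An "error" result such as "File not found" still proves the path to the server works in both directions; a "timeout" while ping succeeds points at UDP handling or at the return route rather than at the file.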

When I use
tftp -i 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml
I just get a blinking cursor on the next line and it sits there.
 
OK, I get timeout occurred.
Oddly, I get timeout occurred from 'tftp -i 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml' from the PCs on either side.
Please do not post three replies, this is not a chat line.

Do the phones work if you connect them to the 10.1.1.0/24 network?

It is almost as if the service is not running.

I am not an expert on the Cisco UC, I know the phones use tftp for provisioning.

Yes, the 3 phones at the office that are on 10.1.1.0/24 are all connected and working and can pull the background images, ring tones, etc. from 10.1.1.1.
The IP address of the RV042 at the office is 10.1.1.5

UC520>show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 10.1.1.5 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.1.5
      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        10.1.1.0/24 is directly connected, BVI100
L        10.1.1.1/32 is directly connected, BVI100
C        10.1.10.0/30 is directly connected, Loopback0
S        10.1.10.1/32 is directly connected, Integrated-Service-Engine0/0
L        10.1.10.2/32 is directly connected, Loopback0
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, BVI1
L        192.168.10.1/32 is directly connected, BVI1
UC520>
Yes, the RV042 at the house on the other side of the VPN has an IP of 192.168.2.1.
From the house I can ping 10.1.1.1 and telnet into the UC520 using that IP.

On the UC520 itself I have a route of "0.0.0.0 0.0.0.0 10.1.1.5" which pushes all the traffic to the RV042, and from the RV042 I have created static routes.
I am out of ideas for the night.  I will review in the morning and provide additional input.

Another expert is also likely to chime in with fresh ideas.

Good luck.

Just for giggles, make it option 150 on the DHCP server.
No need to make it option 150. I now have it working and still using option 66.
The issue was a routing problem with the RV042 at the house side of the VPN. I decided to reset the RV042s and I started with the house side. I set up the VPN again, entered the static routes back in, and the phones at the house registered and got an extension. I must have had one of the routes wrong is all I can figure.
SkykingOH was leading me in the right direction of what the real issue was. It turns out it was a routing issue.
Glad you got it sorted out. Also glad to hear that it works with option 66.
What was the exact routing issue, so others can benefit?

Couldn't tell you which static route I had wrong since I just dumped the configs. The UC520 does not support any routing protocols, not even RIP, leaving room for error when entering routes ;)