Cisco VOIP VPN RV042

I currently have a UC520 at the office with 3 phones and the pstn lines coming into it. I have two RV042 routers setup with a vpn between the office and my home. I cant get my phones to register with the UC520 from the house. Basicly i have a RV042 at each site with a VPN setup and I can ping vnc rdp etc into pc's from one site to another. I cant for the life of me figure out how to get the phones to register with the UC520 from the house to the office across the vpn. Is this the correct way of going about it? Should I just use one RV042 and VPN directly into the UC520? Can I leave the current VPN in place with the two RV042's and get the phones to work across the vpn to the uc520? Looking for some insite and help.
Thanks for your time.
Compguy209Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SkykingOHCommented:
Are the phones trying to register to a central server?  It needs to have a route to each of the remote networks.

If this is an Asterisk based system you need to use the "localnet" setting to tell Asterisk not to NAT the VPN traffic.

The phones also have to have the VPN router as the gateway.

Compguy209Author Commented:
basicly right now its UC520 --> RV042 --> WAN -- > RV042 --> Phones
i had routes added to point to the gateways on either side but could not get the phones to register.
SkykingOHCommented:
We need to start with the basics:

1 - What device is doing DHCP on the remote end (it needs to send the boot server IP so the phones know how to find the UCM).

2 - Are the phones getting an IP address?

3 - Are the phones pulling a config from the UC?

4 - Can the UC ping the phones?

Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Compguy209Author Commented:
Remote side has server 2003 sbs premium with a dhcp scope with option 066 set to the UC520 ip.
Phones are getting ip address.
Im getting an timeout error on the phone logs when it goes to pull the config.
UC can ping the phones from cli.
lrmooreCommented:
you need to set DHCP option 150 for the IP address of the UC520, not option 66
Make sure the telephony service source IP is part of the VPN tunnel
Compguy209Author Commented:
You can use option 66 if you have a single ip or option 150 for multiple ip's. That is not the issue.
Compguy209Author Commented:
To quote cisco "A valid TFTP server must be set in DHCP option 150 or option 66 on the DHCP server."
SkykingOHCommented:
From the network the phones are in, if you connect a PC, can you tftp 'get' a file?

Compguy209Author Commented:
this is what i currently see on the phone
DHCP Server  192.168.2.250
BOOTP Server  No
MAC Address  B4A4E3D6A2F1
Host Name  SEPB4A4E3D6A2F1
Domain Name  removed*
IP Address  192.168.2.103
Subnet Mask  255.255.255.0
TFTP Server 1  10.1.1.1
Default Router 1  192.168.2.1
Compguy209Author Commented:
this is the log from the phone
9:52:40a Error Updating Locale
 9:52:40a Error Updating Locale
 9:51:55a No CTL installed
 9:52:15a No CTL installed
 9:52:36a TFTP Timeout : SEPB4A4E3D6A2F1.cnf.xml
 2:25:29p TFTP Timeout : SEPB4A4E3D6A2F1.cnf.xml
 2:25:29p DHCPv6 Timeout
 2:26:44p No CTL installed
 2:27:04p TFTP Timeout : SEPB4A4E3D6A2F1.cnf.xml
 2:27:05p DHCPv6 Timeout
Compguy209Author Commented:
so im guessing the issue is the phone cant get the config from the UC520 tftp server across the vpn.
SkykingOHCommented:
Is 10.1.1.1 the address of the UC?

You did not answer my question, can you tftp 'get' from a PC in the 192.168.2.0/24 network a file?  Try  to 'get' SEPB4A4E3D6A2F1.cnf.xml

The filename is case sensitive.

 
 
Compguy209Author Commented:
what the command structure to use the tftp command from dos? tftp host 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml ???
SkykingOHCommented:
DOS?  You mean windows command line?

I just googled and it looks like XP has a tftp client, Win 7 does not.  

According to the docs:

'tftp -i 10.1.1.1 get  SEPB4A4E3D6A2F1.cnf.xml'  should work.

You did not answer my question, is 10.1.1.1 the address of the UC ?




Compguy209Author Commented:
yes 10.1.1.1 is the ip of the UC and i can ping it from computers on either side of the vpn
Compguy209Author Commented:
i cant use
tftp -i 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml
from pc's on either side of the vpn
SkykingOHCommented:
What do you mean can't use?

Do you mean the command does not exist on your windows version or it times out?

You can use any tftp client for this test.  

Compguy209Author Commented:
when i use
tftp -i 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml
i just get a blinking cursor on the next line and it sits there
 
Compguy209Author Commented:
ok i get timeout occured
Compguy209Author Commented:
oddly i get timeout occured from 'tftp -i 10.1.1.1 get SEPB4A4E3D6A2F1.cnf.xml' from the pc's on either side
SkykingOHCommented:
Please do not post three replies, this is not a chat line.

Do the phones work if you connect them to the 10.1.1.0/24 network?

It is almost as if the service is not running.

I am not an expert on the Cisco UC, I know the phones use tftp for provisioning.

Compguy209Author Commented:
yes the 3 phones at the office that are on 10.1.1.0/24 are all connected and working and can pull the background images rings tones etc from 10.1.1.1
SkykingOHCommented:
What is the IP address of the RV042?  

What is the output of the 'show ip route' command from the UC520?

Compguy209Author Commented:
The IP address of the RV042 at the office is 10.1.1.5

UC520>show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 10.1.1.5 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.1.5
      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        10.1.1.0/24 is directly connected, BVI100
L        10.1.1.1/32 is directly connected, BVI100
C        10.1.10.0/30 is directly connected, Loopback0
S        10.1.10.1/32 is directly connected, Integrated-Service-Engine0/0
L        10.1.10.2/32 is directly connected, Loopback0
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, BVI1
L        192.168.10.1/32 is directly connected, BVI1
UC520>
SkykingOHCommented:
I am not sure what you are doing with the BVI.

Have you created an interface in the UC520 in the 192.168.10.0/24 network?  If so you need to remove the ip address from the BVI.

You need to have a route to the VPN network, bridging is not the correct method.

The command would be:

'ip route 192.168.2.0 255.255.255.0 10.1.1.5'

I also assume that the RV on the remote end had an IP address 192.168.2.1?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Compguy209Author Commented:
Yes the RV042 at the house on the other side of the vpn have a ip of 192.168.2.1
From the house i can ping 10.1.1.1 and telnet into the uc520 using that ip.

on the UC520 itself i have a route of  "0.0.0.0 0.0.0.0 10.1.1.5" which pushes all the traffic tot he RV042 and from the RV042 i have created static routes
SkykingOHCommented:
I am out of ideas for the night.  I will review in the morning and provide additional input.

Another expert is also likely to chime in with fresh ideas.

Good luck.

lrmooreCommented:
Just for giggles, make it option 150 on the DHCP server..
Compguy209Author Commented:
No need to make it option 150. I now have it working and still using option 66.
The issue was a routing problem with the RV042 at the house side of the VPN. I decided to reset the RV042's and I started with the house side. I setup the vpn again entered the static routes back in and the phones at the house registered and got an extension. I must have had one of the routes wrong is all I can figure.
Compguy209Author Commented:
SkykingOH was leading me in the right direction of what the real issue was. It turns out it was a routing issue.
lrmooreCommented:
Glad you got it sorted out. Also glad to hear that it works with option 66.
SkykingOHCommented:
What was the exact routing issue so others can benefit.

Compguy209Author Commented:
Couldnt tell you which static route I had wrong since I just dumped the configs. The UC520 does not support any routing protocols not even rip leaving room for error when entering routes ;)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.