We help IT Professionals succeed at work.

Cisco IP Phone Accessing Phone System via VPN

Mango-Man used Ask the Experts™
Hi all,

I am trying to setup a Cisco IP phone (SPA525G) at a remote location that will connect to our Cisco phone system (a UC540) via VPN.

I have setup the SPA525G for my UC540 using the Phone VPN Configuration Wizard in CCA 3.2. (Cisco Configuration Assistant).

The phone works great on the local network and after running the wizard I'm told I should just be able to take it to the remote location and plug it in.  Obviously I installed Full Tunnel mode on the UC540 but not sure if there are specific settings I should be using?

When I do plug it in at the remote location, it turns on and seems to make the VPN connection but then it just sits there showing one of the following messages (it just cycles through them):

Downloading: XMLDefault.cnf.xml
Downloading: xmlDEFAULT525g2.cnf.xml
Downloading: SEP708105B34E08.cnf.xml

So far its been doing this for an hour and shows no signs of stopping.

Any help would be much appreciated


Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
do you see any activity when starting a tftp debug?

debug tftp server events
terminal monitor


Hi Willy,

Thanks for the update - do you mean I set a TFTP debug running in CCA when the phone is at the remote location?  If so, I'll give it a go.


I meant a tftp debug from the IOS directly.


Hi Willy,

Let's just pretend its 'my friend' that has this problem and that when it comes to Cisco stuff, 'my friend' is a complete moron and only really knows that basics and the CCA, is there any simpler stuff to try first?  :-D

Well, your 'friend' is now in deep mud so to say. Just mixing voice with VPN technologies can get quite ugly, but it seems your 'friend' has been doing it very good so far. From CCA I can not suggest anything else for the moment. I would try and take the debug I mentioned before first as its not that hard really =D.


Hi Willy,

At the suggestion of a friend, I have installed the Cisco VPN Client on a PC and the Cisco IP Communicator (softphone), and used these to connect to the UC540 - I had to manually enter the TFTP IP address ( in to the softphone but aside from that it worked perfectly so I can only conclude that the TFTP server is working ok.

Not sure what to do next!

Well, that is only good if you want to make the IP Communicator work, which is entirely different than the SPA first off, and second, you probably have the TFTP working fine since the beginning of this thread, lets clarify that we are not after a TFTP troubleshooting. By debugging TFTP ativity from IOS we would be troubleshooting connectivity from the IP Phone for that particular type of traffic. I would still suggest you capture some output from IOS.

Here is this link for you to verify your configuration: