Mitel 5330 TFTP Error 4 at Remote Site over IPSec VPN
Single user at remote site with Cisco ASA 5505 connecting to our corporate ASA 5510 over an IPSec site-to-site tunnel.
This user, about once a week, has the phone reboot and display this error. Today, the phone has not booted all day and continually reboots after this error.
IP is statically assigned, no vlan or PRI options set, and ICP/TFTP address set to the 3300 controller.
I've read about everything I could on this, from inspection maps on the ASA for SIP traffic, to potential packet sizes for the TFTP from the 3300 coming in at 1522 which would fragment on the 1500 MTU ASA.
Any ideas? I'm now exploring setting up the Teleworker portion of the phone, though we don't have the module, as I understand it has longer timeout and "jitter" periods.
This user, about once a week, has the phone reboot and display this error. Today, the phone has not booted all day and continually reboots after this error.
IP is statically assigned, no vlan or PRI options set, and ICP/TFTP address set to the 3300 controller.
I've read about everything I could on this, from inspection maps on the ASA for SIP traffic, to potential packet sizes for the TFTP from the 3300 coming in at 1522 which would fragment on the 1500 MTU ASA.
Any ideas? I'm now exploring setting up the Teleworker portion of the phone, though we don't have the module, as I understand it has longer timeout and "jitter" periods.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
atrevido
If you have an ipsec tunnel then you don't need to use Teleworker. Your error means that the phone is having trouble locating the MBG server (aka teleworker server). If you don't have a MBG server then you should be just pointing it to the 3300 ip and NOT using the 7 key to program the phone. using the 7 key upon boot allows you to program/set the phone in teleworker mode.
ASKER
Thanks.
I only did teleworker as last resort, as I read others used that as a hack of sorts to extend the timeout period for the phone contacting the ICP; the initial problem was before applying teleworker settings.
Anyhow, the phone came up on Saturday, and we've all been away out of state since so I don't have any updates or have tried anything else since.
I will look into using DHCP options instead of a static IP.
I only did teleworker as last resort, as I read others used that as a hack of sorts to extend the timeout period for the phone contacting the ICP; the initial problem was before applying teleworker settings.
Anyhow, the phone came up on Saturday, and we've all been away out of state since so I don't have any updates or have tried anything else since.
I will look into using DHCP options instead of a static IP.
ASKER
Didn't find a bonafide answer yet so will keep digging; closing question, and thanks for the responses.
Fantastic comments ! my colleague recently located <code>https://goo.gl/tJ1Zvd</code> to share pdf - It's quite convenient to navigate and it's superb . I know they are giving a 30 day trial now