5610 Extension in use over Cisco VPN

[danfranklin]

I know there has been a lot of threads on this subject, believe me I have read them all but I am still unable to make a 5610SW register correctly over our VPNs to remote sites. It connects fine on the LAN which leads me to the VPN. The phones can connect to the 406 and the file server/tftp and download the codes. There are no restrictions on the VPN for any traffic and at the moment no QOS as the user data traffic is minimal. I have tried all the tricks registering the phones,,,rebooting,, but it always comes back with either a blank screen or Extension in use on the phone. I do have the restriction on packet size over the VPN as described in previous threads (1470). I changed the ATM interface to a smaller MTU on the router to handle this but no difference. I am using version 3.1.29 code. IS there anything else to look at.

Thanks Newbie

 

[h382]

Did you turn off the IP Fixup protocol on the Cisco?

 

[tlpeter]

how is the phone configured ?
did you put in the right gateway ?
if you didn't change the settings, after testing at the office, then it won't work

 

[danfranklin]

My VPN is between a Cisco 857 and a 3003 concentrator. No fixup commands on either of these.

I changed the phone router ip to point to the local router when it went out to the remote office. It's definitely connecting through the VPN as the TFTP server is on the central site and I can see the phone pulling the settings file from it.

 

[tlpeter]

then when it says : extension in use
what does happen is you try to unregister by using #

 

[danfranklin]

screen just goes blank. after maybee 30 mins the phone resets and goes through the same patern.

 

[kwing112000]

It sounds like the Cisco is dropping the H323 traffic. I had the same issue on 2 site with Cisco. Need to turn off the fixups and it worked for me.

 

[NuggiFirst]

I have just installed a system using Cisco equipment (Pix 506 v 3005 concentrator).

My phones (4610SW) also came up with blank screens.
We disabled the H323 fixup in the Pix, and it have worked perfect ever since

 

[danfranklin]

Strange thing is that I put the phones back on the LAN, Registered fine and then changed the phone ports to 100/FULL

I changed the same on the router and tried again. Now the phone seems to register and I get the default view on the phone and the extension comes up but I am unable to make or receive calls.

 

[danfranklin]

Has anyone got anything else to add or shall I just buy a Cisco solution that is proven to work on cisco VPN's and hardware.

 

[intrigrant]

You could also buy another solution for your network wich will work fine with the Avaya.
Then you will have a telecom system far more sophisticated as a Cisco call manager and you will have some money left for a nice dinner with your partner.

You will even have a better telecom solution if you upgrade it to 3.2.53 wich is the latest version.

Now some serious work :

The Avaya IP Phone registers with the Gatekeeper over port 1719 and 1720. After registration the phone will try to pull information from the IP Office wich is done using the H.323&H.245 protocol.
Appearently some part of the H.323 or H.245 traffic is blocked or malformed by one of the Cisco devices. Try to sniffer the traffic on both the IPO and the phone and find out what is blocked, then go to Cisco and ask what to do.
As a matter of fact there is a Cisco area in tek-tips.

 

[danfranklin]

Thanks for the reply. I would like to say I am not an avid Cisco fan hence the Avaya solution but I am begining to wonder if it was the right choice. I implemented the same network to the letter in our test lab with the Cisco call manae solution when we were first considering a new telephoney solution. It worked fine and it is also using H323. No malformed packets as they are not going through a pix.

The only think I have noticed as I think I mensioned before is that the maximum packet size allowed through the VPN is 1470. Maybe the way Avaya treats its h323 protocol needs large packets sizes?

 

[danfranklin]

P.S. I am also downloading 3.2.58. Is it worth upgrading. what's this version like?

 

[intrigrant]

3.2.53 is ok.
for detailed info please check this site :
marketingtools.avaya.com/knowledgebase

it has all the answers and even answers on questions you never thought of to ask....
a overload of information but fortunally there is a search function

 

[danfranklin]

Rersolved at last.

So here it is. It turns out its a similar problem to to the known fixup issue on PIX firewalls.

Our cisco VPN concentrator sits on the DMZ of our juniper firewall. Once the tunnels terminate on the concentrator traffic is then sent to the inside LAN. I set the rules on the firewall to allow all taffic during the initial test but what I failed to note was the fact that out the box, Juniper have H323 packet inspection selected as part of the QOS (Application Layer Gateway) policeing. I deselcted this feature and IT'S WORKING.......

Thanks for your help

dan