IP Office 500 - Remote IP Phone - Site to Site VPN - Stuck on Discover

[xterest]

Hey Guys,

I have a IP Office 500 system with about 20 phones on it. (19 of the phone are digital, local to the system. We also have a 5621sw phone that is at a satellite office and connects to the IP office via a Site to Site VPN that is up. When we set this up 3 years ago, everything worked and they have been using it with no problem for up until 2 weeks ago.

The phone gets stuck on discover 192.168.0.21 (IP of IPO500) and just hangs there. The VPN is up and connectivity works fine from the satellite office. Connecting with Phone manager works from the satellite office, and there is no port filtering on the VPN.

Whats strange is, that the phone, on boot, gets past the HTTP checks, with status 200, gets the 46xxxupgrade.scr filea dn then hangs on discover x.x.x.x. Also to note, if the phone is wiped, its prompts for an extension # and password on first boot, and after that does it get stuck on discover 192.168.0.21.

I have tried different phone, rebuilding the tunnel and well as manually TELNETTing from a PC to the ports on the IP office, and the ports are open. The IP Office has return routes to the subnet on this side of the tunnel and connectivity works fine.

Could this be firmware related? I tried 2 different firmwares on the 5621sw, but they both could have an issue i guess. Anyone have a similar issue? the phone is using i20d01a2184e.bin

My next step to to test and see if the phone works locally on the LAN, which I have not tried yet because its an 1.5 hr drive to get there. This will rule out if the issue is VPN related, or something else.

 

[DavidCT]

Check for H323 transformations on both site-to-site VPN devices. You want it DISABLED. This is likely the problem, and could have been caused by a firmware upgrade on one of the devices.

 

[xterest]

The H323 Transforms are disabled on both sides. Haven done a firmware upgrade on this Sonicwall NSA 2400 in about a year.

 

[tlpeter]

Sounds like the iproute is gone in the ipoffice.


BAZINGA!

I'm not insane, my mother had me tested!

 

[amriddle01]

Using SSA can the system ping the phone?

ACSS (SME)
APSS (SME)

http://www.ipoffice.tel

"I'm just off to Hartlepool to buy some exploding trousers

 

[xterest]

The return route is there. The IP Office reply's to pings from the far end of the VPN, w/o the route ping times out. So the route is working. Also it gets past the HTTP checks, with status 200, gets the 46xxxupgrade.scr file via HTTP from the IP Office fine, after that is when it just hangs.

So connectivity is there, it could be something with the firmware on the Sonicwall. I'm considering doing some PAT on the far end firewall for the H323 ports and seeing if it connects via the Public IP instead of over the VPN.

Do I need anything other that 1719 & 1720 to test this? Not even sure if this will work.

Amriddle01 - Yes, ping responds via SSA to the remote phone.

 

[tlpeter]

Then blame the sonicwalls.
There has been enough trouble with those boxes.


BAZINGA!

I'm not insane, my mother had me tested!

 

[DavidCT]

I had this problem last week and sure enough, H323 was enabled on the Sonicwall. At this location we do not manage the Sonicwalls, but I was able to get access through their IT guy. I know for sure H323 was previously disabled.

I would power down/back up the Sonicwalls (both sides -- a restart in the GUI is not good enough).