Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

J179 H.323 VPN Phones "Discover" after enabeling TLS and updating Ports 2

Status
Not open for further replies.
dsm600rr

dsm600rr

IS-IT--Management
Nov 17, 2015
1,436
0
36
US
Hello All,

I have a few VPN Phones that stopped working after enabling TLS and updating Remote Ports on the IPO

I do not see anywhere to update any ports on the J179. Is this a certificate error? I do not see any Certificate Errors in SSA.

Phones currently VPN back to a Cisco ASA and the tunnel builds just fine.

Thoughts?

ACSS
 
Sort by date Sort by votes
derfloh: The remote and Public Ports for UDP / TCP / TLS



ACSS
 
Upvote 0 Downvote
derfloh: The VPN Phones have been working fine for months. After I got TLS Working and Updated the ports for IX Workplace, they will VPN in, ask for a extension and pass and then go to discover.

ACSS
 
Upvote 0 Downvote
derfloh: I will confirm with the Firewall Guy Monday and report back.

ACSS
 
Upvote 0 Downvote
derfloh: Firewall Guy said we ARE behind NAT

ACSS
 
Upvote 0 Downvote
derfloh: Makes sense. I have the phone back at the office and cleared. I’ll take it home tomorrow and update, thank you.

ACSS
 
Upvote 0 Downvote
Still no go on the VPN Phone. I even put the ports back to default for now.

The only thing I see from the phone in Monitor on default trace options from the phone is:

16:25:39 15398581mS PRN: Service Access Connection from 10.10.10.4(43674) to Port 80

What trace options should I enable to figure out what is going on?

Thank you.

ACSS
 
Upvote 0 Downvote
derfloh: Have my firewall guy disable NAT and re-test?

ACSS
 
Upvote 0 Downvote
If you already have IX Workplace working from remote location why not run the J179 as remote SIP phone?

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
janni78: Is there documentation on how to do so without an ASBCE? Process on loading the TLS Certs on the phones?

ACSS
 
Upvote 0 Downvote
janni78: I manually installed the Certificates on my cell phones (root-ca.crt) and PC's (.p12) in the windows certificate import wizard.

I am only seeing documentation on remote phones with an ASBCE.

What I did at my office is Default the phone and put it on my Data VLAN (where all the remote IX Workplace Applications Register)

When it reboot, it asked to "Enter Provisioning Details" - I entered in my FQDN

The phone re-boot again and I was able to log in. I also see the extension using TLS in SSA. I am assuming there is more setup than this however I will not be able to test the phone remotely until tonight.

2020-11-04_11-43-31_bhxd77.jpg


ACSS
 
Upvote 0 Downvote
You have to ensure that the IPO delivers the needed root certificate(S) as WebRootCA.pem. A J-Series phone has to load the 46xxsettings.txt and will load the WebRootCA.pem in the next step. Afterwards it will trust the needed CAs.

You can either load the files through HTTP or if you want to do it through HTTPS the phone has to be pre provisioned locally so that it will trust the certificates.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN
 
Upvote 0 Downvote
derfloh: Thank you, Sir. The phone is currently logged in locally on my PBX - how can I confirm it grabbed the WebRootCA.pem

ACSS
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

suprhm
  • Locked
  • Question
J179 SIP to H.323 Conversion issue
Replies
1
Views
207
suprhm
suprhm
a.kasuri
  • Question
AVAYA IP OFFICE SIP TRUNK OVER TLS SRTP, SEND and LISTEN PORTS
Replies
1
Views
177
a.kasuri
a.kasuri
BrianCosta
  • Locked
  • Question
Avaya IPOSE - H.323 - IPO500v2
Replies
1
Views
82
derfloh
derfloh
Houdini9881
  • Locked
  • Question
Avaya J179 Phones Powering up in Discover Mode with an IP Address
Replies
6
Views
188
VinylDave
VinylDave
DTGMI
  • Locked
  • Question
Updating H323 R6 SW on J179
Replies
2
Views
75
gwebster
gwebster

Part and Inventory Search

Sponsor

Back
Top