Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Mitel 200 icp web gui issues

Status
Not open for further replies.

bh21080

ISP
Sep 28, 2010
3
US
We have 3 branch offices that are connected via site-to-site ipsec tunnels. These individual ipsec tunnels are brought up by two different devices pending which tunnel you are using. One is via a cisco2800 to another cisco2800. The other variety is between two cisco 5505 ASA's. When you are at a branch office and attempting to use the web gui (embedded java) of 200icp at a remote office, the gui works just fine when crossing the ipsec tunnel established between the two 2800's. When hitting the remote site that has you crossing the ASA to ASA ipsec connection, the gui fails.
Fails: The remote branch's 200icp is ping'able and the web login can be reached just fine. After all the java downloads are done and the normal page is loaded, the embedded java based terminal does not display the normal menu driven options. It instead displays "Connection disconnected. Refresh the page to reconnect."
I do feel like the ASA's are causing an issue, but I'm not for sure what. I feel like my nat exemption rules traversing my site to site ipsec tunnel should allow all traffic regardless of tcp/udp port.

Mitel support vaguely suggested opening up port tcp 2000. I'm fine with that but would love to understand more as to why my ASA's would be port specific in blocking traffic on a site to site ipsec tunnel.

Any suggestions would be greatly appreciated!
thnx,
bh




 
I am not familiar with that cisco product, but personally, I'd turf the whole web thing and use the telnet-tsl which should be on your mitel disk.

This app works just as if you were at the console. It is not java dependent so computer software u/g's won't affect it.

The ASA unless clearly defined will block various ports, or protocols.

Another factor could be are you "hopping" or going directly to the controller?

That could also be factor.
 
Turning off inspections for skinny (port 2000) on our ASA, resolved the issue. Inspection for skinny was turned on while creating class and policy maps for QOS of voice. We have seen intermittent call setup issues that has me considering turning inspection off for rtsp and a couple h323's listed in the same global policy.

bh
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top