Hi all,
I have a Cisco PIX 501 firewall running for a remote teleworker. He has IPSEC VPN's via the firewall to our data and voice networks accordingly. On our end, there is a Cisco 1710 router which routes to both networks.
He has been having a problem where his Toshiba IP phone will black out and reboot. I've been running syslog and seem to have traced some messages to the moment to where the phone reboots. The strange thing is that the DHCP pool and subnet I've used for the PIX and it's clients is 192.168.102.x and syslog shows an address not in that subnet trying to establish a connection with the phone.
The 192.168.0.x subnet is not used at all anywhere to my knowledge, and I have no idea where this address is coming from.
These are the exact syslog messages from when the phone reboots:
I always see this one first:
<166>Oct 10 2009 15:08:30: %PIX-6-305011: Built dynamic UDP translation from inside:192.168.102.5/161 to outside:67.160.90.33/8
followed by:
<166>Oct 10 2009 15:08:30: %PIX-6-302015: Built outbound UDP connection 12956 for outside:192.168.0.253/162 (192.168.0.253/162) to inside:192.168.102.5/161 (67.160.90.33/8)
192.168.102.1 10/10 10:53:31.546
I'm not 100% sure what this could be related to. I thought maybe someone could be plugging something into the teleworker's home network that they shouldn't be? But then I wondered why would it want to establish a connection with the phone of all things?
I have this exact same setup in my home and have been running syslog to see if this happens for me as well. It does not, and my phone does not reboot. We are both using the PIX 6.3(5) OS on the firewalls.
Anyways any advice would be greatly appreciated.
Andy
I have a Cisco PIX 501 firewall running for a remote teleworker. He has IPSEC VPN's via the firewall to our data and voice networks accordingly. On our end, there is a Cisco 1710 router which routes to both networks.
He has been having a problem where his Toshiba IP phone will black out and reboot. I've been running syslog and seem to have traced some messages to the moment to where the phone reboots. The strange thing is that the DHCP pool and subnet I've used for the PIX and it's clients is 192.168.102.x and syslog shows an address not in that subnet trying to establish a connection with the phone.
The 192.168.0.x subnet is not used at all anywhere to my knowledge, and I have no idea where this address is coming from.
These are the exact syslog messages from when the phone reboots:
I always see this one first:
<166>Oct 10 2009 15:08:30: %PIX-6-305011: Built dynamic UDP translation from inside:192.168.102.5/161 to outside:67.160.90.33/8
followed by:
<166>Oct 10 2009 15:08:30: %PIX-6-302015: Built outbound UDP connection 12956 for outside:192.168.0.253/162 (192.168.0.253/162) to inside:192.168.102.5/161 (67.160.90.33/8)
192.168.102.1 10/10 10:53:31.546
I'm not 100% sure what this could be related to. I thought maybe someone could be plugging something into the teleworker's home network that they shouldn't be? But then I wondered why would it want to establish a connection with the phone of all things?
I have this exact same setup in my home and have been running syslog to see if this happens for me as well. It does not, and my phone does not reboot. We are both using the PIX 6.3(5) OS on the firewalls.
Anyways any advice would be greatly appreciated.
Andy
