Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SCN Down in system status

Status
Not open for further replies.

ifoam

MIS
Jul 4, 2007
76
US
I'm not very familar with Avaya phone systems but an Avaya tech is telling me that my firewall is filtering the traffic thus the SCN is showing down in the system status.

This is a site to site VPN. The system status on one end shows that the remote end is DOWN. There is no filtering in place. I can browse the network, I can port scan across but it still shows down.

I have an ASA at one end and a PIX on the other.

Any ideas?
 
in the ASA put in

No Inspect H323 H225
No inspect H323 RAS
same for the pix except replace inspect with fixup unless the PIX has newer firmware then it could be inspect

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Carousel Industries
 
Thanks kwing

I tried that but still shows down.

I can ping back and forth and a port scan shows onlly 80 443 1720 and 5060 open on both sides. Even when I scan locally.


policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect rsh
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
inspect sip



fixup protocol dns maximum-length 512
fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
no fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69


Any other suggestions?
 
What IPO hardware do you have? if 500's do you have voice networking licenses?

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Carousel Industries
 
I'm asking the tech to confirm but under license it says IP500 Voice Networking Channels

Available 4
In use 0
Valid

It helps to say, apparently it was working for a day then over the weekend it no longer worked. They restarted the ASA but the config looks like it is supposed to look.

The VPN tunnel is up.
 
The remote site is running an IP Office 500 V2 with release 6.1.20 on it and the HQ site is running an IP Office 406 V2 with release 6.1.12 on it.


It is working on the other sites connected to the HQ
 
The trunk on HQ shows that its up but the trunk at the remote site says down.


HQ has the pix, remote site has the ASA
 
something is blocking traffic 1 way.

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Carousel Industries
 
it's a site to site vpn. Nothing is in the way. Switch > ASA > router > MPLS CLOUD > router > pix > router >switch


the VPN should by pass it all.

is there a way to "reset" the SCN on the remote site?
 
is there any need to run a VPN on your MPLS?

ACSS - SME
General Geek

CallUsOn.png


1832163.png
 
can you use manager to to remotely manage both switches from the one location? also, does monitor (Status / Small Comm network option) show the SCN alive?

ACSS - SME
General Geek

CallUsOn.png


1832163.png
 
the only way to reset is to reboot. Maybe check your IP routes. if you only have the default 0.0.0.0 route maybe create a new route for you remote IPO and see if it helps. is there a reason you have VPN over mpls?

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Carousel Industries
 
I had a similar issue with a 7.0. I rebooted and life was good.

It's only dialtone!!!
 
I can ping back and forth and a port scan shows onlly 80 443 1720 and 5060 open on both sides. Even when I scan locally.

Open these ports too:

Code:
"çè
49152 to 53247*"	RTP/RTCP	UDP	Dynamically allocated ports used during VoIP calls for RTP and RTCP traffic. The port range can be adjusted through the System | Gatekeeper tab.
è  50791	IPO Voicemail	UDP	To voicemail server address.
ç  50793	IPO Solo Voicemail	UDP	From IP Office TAPI PC with Wave drive user support.
ç  50794	IPO Monitor	UDP	From the IP Office Monitor application.
ç  50795	IPO Voice Networking	UDP	Small Community Network signalling (AVRIP) and BLF updates.  Each system does a broadcast every 30 seconds. BLF updates are sent required up a maximum of every 5 seconds.
ç  50796	IPO PCPartner	UDP	From an IP Office application (for example Phone Manager or SoftConsole). Used to initiate a session between the IP Office and the application.
ç  50797	IPO TAPI	UDP	From an IP Office TAPI user PC.
è  50798	(UDP) 	UDP	IP Office Manager and Upgrade Wizard
è  50799	IPO BLF	UDP	Broadcast to the IP Office LAN and the first 10 IP addresses registered from other subnets.
è  50800	IPO License Dongle	UDP	To the License Server IP Address set in the IP Office config.
ç   50801	Econf	UDP	Conference Center Service to IP Office.
ç   50802	Discovery	TCP	IP Office discovery from Manager.
ç  50804*	"Service Access
Protocol"	TCP	IP Office configuration settings access.
ç  50805*		TCP	TLS Secure"
ç  50808*		TCP	IP Office system status access.
ç  50812*		TCP	IP Office security settings access.
ç  50813*		TCP	TLS Secure"

BAZINGA!

I'm not insane, my mother had me tested!
 
Thanks everyone for the great suggestions!

After reading over the configs and looking at manuals, I asked the tech to recreate the h323 trunk and it worked after that!

They said they had already rebooted it before..

I'm just glad its working. So recreating the trunk fixed the problem.
 
>is there any need to run a VPN on your MPLS

Yes, MPLS is shared environment...

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
 
Sorry, yeah MPLS is shared between various health clinics exchange private client data.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top