vpn phone 'discovering' ipo

[micomms]

I have a VPN phone at remote office.

It will connect with VPN server and create IPsec tunnel ok.
It will connect with TFTP server (on IPO LAN1) and download files ok.

The phone then just stalls saying 'Discover x.x.x.x' (ie. the call server IPO address)

Does this mean that the phone cannot see the IP Office, do I have a routing problem ?

Here is a snapshot of a short monitor trace I took (phones are connected via private ADSL to Netgear FVX538 vpn server '192.168.99.1', which connects to LAN2 '192.168.99.1' of IPO), and then to TFTP on LAN1 subnet Basically this trace is the only thing even resembling an error I can find.

22859306mS Interface Tx: v=LAN2 LAN
Ethernet Header info - dst=001e2a48190c src=00e007835f5f len=70
IP Header info - Dst=192.168.99.1 Src=192.168.99.254 vl=0x45 tos=0x00 len=56 id=0xabd9
ttl=99 flg=0x00 off=0x0000 pcol=1(ICMP) sum=0x639b
ICMP Destination Unreachable(Port Unreachable). [csum=0x86c9]
Useful Original packet details:-
Src=192.168.99.1 Dst=192.168.99.254 pcol=17(UDP) id=0x0000 tos=0x00 ttl=64
SrcPort=1038 DstPort=137(NETBIOS Name Service) :-
0000 45 00 00 4e 00 00 40 00 40 11 f2 4e c0 a8 63 01 E..N..@.@..N..c.
0010 c0 a8 63 fe 04 0e 00 89 00 3a 71 62 ..c......:qb


Any ideas anyone ?

 

[robboardman]

it looks like you don't have a route to the gateway set on the IPO

Robb

 

[tlpeter]

There is a default iproute 192.168.99.0 with destination RemoteManager

Change that one and make a new one for your phone or change the destination to lan1 if you do not need the RemoteManager route


ACA - Implement IP Office
ACS - Implement IP Office
ACA - Implement IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[mforrence]

You say that both the router and IPO use 192.168.99.1 - is this a typo? There is a tech tip that describes exactly how to configure for use with FVX538 router. If you follow to the letter, it will work.
Mike

 

[micomms]

sorry guys, typo....LAN2 of IPO = 192.168.99.254

Strange I have no problem communicating with tftp, but stuck discovering IPO which are both on same subnet.

 

[mforrence]

Do you have an IP route in Manager for your VPN phone? Your IP phone will have an address other than .99.X and you need a route pointed to LAN2. I suspect that when you put this in, the phone will come up within seconds.
Mike

 

[micomms]

No, I definitely have that route in there 192.168.92.0 (for the vpn virtual ip address's).

Funny thing is, that just the once, it cam up asking me for my extension number and password, and I thought this is it...all working... then it just came up with 'Discovering...)

Hasn't worked a second time yet.

 

[micomms]

Have read both the tech bulletin on the Netgearn FVX538 and general avaya VPN phone deplyment, and have no problems there (I will check again though). Wondering if any one can see a problem which is not in the documentation?

 

[Notsetinstone]

Is the gatekeeper turned on on Lan 2?

http://www.nu-tel.com

 

[micomms]

Gatekeeper is on...I have just activated both auto-create extn & user, will see if phone registration is the issue on LAN2.

 

[keke6608]

firewall block the ports for keep alive. I use to have exactly same problem

 

[micomms]

There is no firewall active on either IPO or Netgear.
Do I need to create an inbound policy on the Netgear?

 

[micomms]

No, keep alive is not the problem, the connection is set to stay on at all times. IP handset will register when directly connected to router LAN2 locally but VPN phone will not.

 

[tlpeter]

Disable everything in monitor except for h323

Then startup the phone and see what comes by


ACA - Implement IP Office
ACS - Implement IP Office
ACA - Implement IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[micomms]

Did that already, nothing at all in the H323 monitor on Lan2.

Tried to buy a hub (no chance there) to plug directly into LAN2, may have to hunt one on ebay.

 

[tlpeter]

If you do not see any h323 then the phone has no access to the ipo !

Definitly h323 is blocked

Can you check ports 1719 and 1720 ?

ACA - Implement IP Office
ACS - Implement IP Office
ACA - Implement IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[micomms]

This did come up in the sysmonitor though, the Src=Netgear LAN IP and Dst=LAN2 IP on the IPO.


386788769mS Interface Tx: v=LAN2 LAN

ICMP Destination Unreachable(Port Unreachable).
Useful Original packet details:-
Src=192.168.99.1 Dst=192.168.99.254 pcol=17(UDP) id=0x0000 tos=0x00 ttl=64
SrcPort=1539 DstPort=137(NETBIOS Name Service)

 

[quazimotto]

Did you resolve your problem?

Quaz

 

[Maxwell1001]

did this problem get resolved, We have tried many things and checked all the ports are open & ip routes in which they are but still getting the discover (IP 500 ADDRESS)

 

[micomms]

Problem was resolved.

Do not follow the Avaya tb196, I believe there will be an update to this forthcoming.

Had to disable mode config as this was causing problems and put in virtual address manually on handset, aswell as create a VPN policy for the IPO LAN2 subnet. Don't use Xauth either, and don't use the Juniper VPN profile, use the Generic PSK instead.

Also upgraded fvx538 to 3.0.4.19 firmware.