Search this Blog

Friday, May 14, 2010

Issues with IP Phone SSL VPN to ASA using AnyConnect

Troubleshooting Steps
  1. Plug the phone in the same subnet as the inside interface. This will test whether the phone's configuration works prior to adding vpn
  2. Connect with AnyConnect on a PC. This will confirm that the ASA is configured correctly for Anyconnect
  3. From the connected PC try to ping the TFTP server and CUCM server. This will test basic ip connectivity to the two servers.
  4. From the PC try to download the TFTP config file for the phone in question "tftp -i GET SEP.cnf.xml. This will test that the tftp service is functional and reachable.
  5. From the PC try to telnet to TCP Port 2000 on the CUCM server "telnet 2000". This should immediately come back with a new line and a blank cursor. This will test connectivity to the sccp service, for SIP registrations use port 5060.
  6. Normal phone registering process testing.
Click here for the document that provides a complete set of configuration tasks required to configure CUCM for this feature.

Required Software Versions
IP Phone >= 9.0(2)SR1S
ASA >= 8.0.4
Anyconnect VPN Pkg >= 2.4.1012

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

1 comment :

/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */