IP Touch 4068 via VPN tunnel PROBLEM

[karamba]

Hi

I have connected two cisco pix 501 and made a vpn tunnel for network communication between two external networks. The tunnel are configured to pass all. In first phase communication between IP Touch and TFTP everything seems to be OK( I can ping the VoIP card and IP touch from two sides). But when the IP Touch goes to 5/5 phase sudenly the communication between ip touch and oxo stops and they don't see each other through the vpn tunnel. Finely Ip Touch communicates on the screen "no tftp response" and it resets.

Is there anyone who can help me with this?

Michal
jajfa@o2.pl

[karamba]

Hi

I have connected two cisco pix 501 and made a vpn tunnel for network communication between two external networks. The tunnel are configured to pass all. In first phase communication between IP Touch and TFTP everything seems to be OK( I can ping the VoIP card and IP touch from two sides). But when the IP Touch goes to 5/5 phase sudenly the communication between ip touch and oxo stops and they don't see each other through the vpn tunnel. Finely Ip Touch communicates on the screen "no tftp response" and it resets.

Is there anyone who can help me with this?

Michal
jajfa@o2.pl

Note that the OXO and VoIP are in other VLAN's. The IP trafic VLAN is 19 (172.30.217.0/24) but the data trafic are in VLAN 2 (172.30.218.0/27).

[krzysioD]

Vlan's are at Level 2 of Ethernet,
WAN and PIX VPN is more in on other Level (more likely level 3 of WAN).

Some tcpdump-like program is your friend.
Maybe pix have not corrected for small MTU on VPN connection?
It was like <code>ip tcp adjust-mss 1436</code> or something like that on both PIXes.

You setup phone with DHCP or static?
Pls give us config of both phones with vlans, and also possibly the pix'es.

On 2nd PIX you have to setup another (separate) network (it's not the same LAN nor Vlan!) that's my point of view, with it's own DHCP and provide TFTP for OXO.

BTW why 501, very obsolete piece of hardware....

[karamba]

I will check the MTU thx

phone has only static ip configuration:

ip addres: 192.168.10.150/24
router: 192.168.10.1
tftp1: 172.30.217.003
tftp2: 255.255.255.255
tftp back: 255.255.255.255
tftp port: 69
cpu:172.30.217.003
cpu2: 255.255.255.255
use vlan: off
vlan id: 19
strict vlan: off

DHCP works only for IP phones in intranet of the company.

Michał
gg:2805792

[krzysioD]

huh, Michal,
will try to get you on IM.

you havn't specified IP of OXO and config of both PIXies.

[tot3nkopf]

VLAN configured on IP Touch?
If dynamic allocation of IP, DHCP Relay activated on gateways?

[krzysioD]

If it's a diffrent vlan, so oxo need to be dhcp server for 2 networks.
Didn't know that oxo could do it.
Michal written that he uses static IP on remote network, so there is only need to pass traffic from one router to another and that's it.
Again, some basic tcpdump and it will be solved under 15 minutes.

[tot3nkopf]

No I also think OXO can't do that, but external DHCP with option 66 (I think) as TFTP server ip add of the CPU should work.
You are right about the tcp dump.

Regards.

[karamba]

Hi

I made some tcpdump with ethereal.

IP Touch: 192.168.250.150
TFTP: 172.30.217.3
MY PC: 192.168.250.11

[krzysioD]

Huh, whuld like to help U but,
the ip information you've provided is not complete pls give subnet mask and default gw ip.