Hi guys, I need your help and I hope you can help me.
Is there a way to configure a Polycom phone to work anywhere I have internet (this means without a VPN)? Or do I need a VPN?
I have a NetVanta 7100 at the Local Site with a fixed IP on the Ethernet interface.
Regards and thanks for your support
comdig01,
We recommend a VPN back to the main site. If you don’t there are many complications and security risks. Here are some of the highlights:
The two applications we recommend are:
Thanks,
Matt
Hi Matt, good morning and thanks for your answer.
Following your recommendations I created a VPN with a CISCO WRVS4400N-V2 on the remote site. The VPN is working well because I can ping my local networks "10.10.10.0 and 10.10.20.0" from a remote PC with a dynamic IP and I have 100% access to the NetVanta.
Ports "53,80,500,501,502,1194,1293,1701,1723,4500" in TCP and UDP are permitted through the DSL modem.
The Polycom IP550 is not recognized on the Remote LAN "192.168.14.0/24" whether the phone is configured for DHCP or a fixed IP, but all PCs connected to the remote LAN are recognized fine.
Thanks again
I am assuming the phone is on the same subnet as the PCs that have access to the main site networks (10.10.10.0 and 10.10.20.0), and also that the VPN allows all IP traffic between those networks and the remote 192.168.14.0 subnet. If that is the case, the first thing I would check is to see if you can do a source ping from the voice vlan at the main site to the remote phone. For example from the CLI you could issue ping 192.168.14.10 source 10.10.20.1. This is assuming the remote phone's IP is 192.168.14.10 and your voice vlan IP is 10.10.20.1 - substitute these to match your setup.
If the ping works the next thing to check is that the remote phone is getting the correct DHCP options from your remote router to tell it where to download its configuration files. For Polycom phones this is typically accomplished with option 66 tftp-server tftp://x.x.x.x where x.x.x.x = the voice vlan IP of the 7100. You would need to make sure TFTP and FTP are both enabled on the 7100 and allowed from the VPN selectors.
If all is well there the next step is to look at the output from a debug ip ftp-server, debug ip tftp server events, and debug ip tftp server packets. The phone should attempt to download files via TFTP first and then extract the FTP server and credentials to get the rest of its configuration files.
If all of the files are being downloaded I would recommend checking that a loopback address is being used for the SIP server address of this phone and that the media-gateway settings on the WAN point to the loopback address. Here is an example configuration that shows how to create the loopback interface and ensure the WAN media-gateway settings are set properly:
!
interface loop 1
  ip address 10.10.20.253 255.255.255.255
  no shutdown
!
interface eth 0/0
  description WAN
  ip address 208.61.209.1 255.255.255.248
  access-policy Public
  crypto map VPN
  media-gateway ip loopback 1
  traffic-shape rate 1536000
  qos-policy out VOIP
  no shutdown
!
The loopback IP needs to be set to an unused IP in the voice vlan. To check the SIP server address settings of the phone navigate to Voice > IP Phone Configs > highlight the MAC for the phone and click Edit > go to the Phone Settings tab > and check that the SIP server address is set to the loopback IP address. On this same tab make sure the Boot Profile is set to Remote Phone. If you need to change any of these make sure to click the Apply button. Then navigate to Voice > IP Phone Globals > Boot Settings tab > Remote Phones tab > make sure DHCP is checked and that Internal IP Address is selected with the drop down box set to the loopback IP address then click Apply.
I would like to note that this setup is only valid for extension-extension, analog POTS, and PRI calling. If the 7100 is using a SIP trunk for PSTN access, additional configuration would be required on both the 7100 and the remote VPN termination device.
The bootup process of a Polycom phone is covered in our . If you still are having trouble look through it and follow the instructions I outlined above and let me know if you are getting stuck at a particular place.
Thanks,
Matt
I went ahead and marked this question as "Assumed Answered". Feel free to select any correct or helpful answers from this thread that may have helped you. If you have any further questions please don't hesitate to reply and I would be more than happy to continue working with you on this.
Thanks,
Matt
I made the recommended configuration but I still can't ping the Polycom IP550 from any LAN (Remote or Local).
I should be able to ping the phone from the remote network because it is physically connected there, but the Polycom does not take any IP from the DHCP server. Nor does it answer if it is given a fixed IP.
Regards
I am assuming the VPN is up and you can ping the remote PCs, which are in the same subnet as the Polycom. If that is not correct please let me know. The symptoms you described imply the remote DHCP server is not seeing the request from the phone. You should ensure the Polycom is provisioned for DHCP and attached to a switchport that is in the proper vlan. Is the phone plugged into the same switch as the remote PCs? Are there multiple DHCP servers at the remote location (wireless APs are a common offender)? A definitive test would be to run a DHCP debug on the remote Cisco (I am assuming it is the DHCP server for your setup) to ensure it sees DHCP from the phone, and it responds properly. Our DHCP guide may shed some light on some of this.
It may be worth defaulting the phone by power cycling and then pressing/holding down 4, 6, 8, * all at the same time immediately after it boots back up until it prompts you for a password. After entering the password of 456 it should default the configuration and reboot.
Thanks,
Matt
comdig01,
Did you get a chance to look into this further and troubleshoot with the information from my last post? Let me know the result and I would be happy to continue working on this with you.
Thanks,
Matt
Hi Matt, good morning. Sorry I didn't answer your messages before, but I was very busy with other tasks.
The remote Polycom IP550 is now connected to the NetVanta via VPN (the problem was fixed by deleting the data from the field "Ethernet Menu/VLAN ID" on the Polycom IP550).
- I have dial tone in Remote Site.
- I can make calls from Remote Site (192.168.14.0) to Local Site (Netvanta)
BUT "why always exist a but?"
- When you dial from the Remote Site to VMail or Autoattendant the phone call is answered but nothing is heard.
- When you dial from the Local Site to the Remote Site, you always hear a busy tone and the Remote phone doesn't ring.
Thanks again.
comdig01,
Thanks for the additional information. It sounds like the Polycom was configured for a different VLAN other than what the DHCP server was on, which explains why it did not acquire an address.
To troubleshoot the other problems we would need to see the output from a debug sip stack messages and a debug voice verbose from the NetVanta 7100 while recreating the issues as well as a copy of the current configuration. You will need to remove any sensitive information such as passwords, public IPs, public phone number, etc from the configuration and debugs. The debugs will produce a LOT of output so you will need to make sure the program you are using to collect this has a sufficient scroll back buffer. We would also need to know the extensions involved in the calls so we could reference them in the debugs.
Thanks,
Matt
Here is the information requested.
Thanks again
Message was edited by: matt - removed configurations and debugs with sensitive information included
comdig01,
I removed the files you attached as they contained sensitive information to your network. After looking at them, there are several things that need to be addressed in the configuration:
1 – The firewall needs to be enabled for this setup.
2 – You need to implement the interface loop 1 as well as the media-gateway ip loopback 1 statement on the eth 0/0 interface based on the sample configuration I provided above: (https://supportforums.adtran.com/message/2296#2296)
3 – There was not an external SIP trunk configured, so you should take off allow list SIP self and allow list web-acl-10 under ip policy-class Public. Those will present security risks with your current setup after you enable the firewall. Also, allow list web-acl-11 is never going to be used as the nat source statement is above it and catches all IP traffic.
If you still have problems after fixing those issues please let us know in a reply.
Thanks,
Matt
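The ordering problem in point 3 above can be checked mechanically. This is an added example, not part of the original thread or any ADTRAN tooling: a Python audit that walks a policy-class top-down, flags entries that sit below a catch-all entry, and flags `self` entries for review. It assumes first-match evaluation as described in the post; the configuration excerpt is constructed (the poster's files were removed), and the ACL contents and the `wizard-ics` list name are assumptions.

```python
import re

# Constructed AOS-style excerpt; the poster's real configuration was removed from the thread.
SAMPLE_CONFIG = """\
ip access-list extended SIP
  permit udp any any eq 5060
ip access-list extended web-acl-10
  permit tcp any any eq https
ip access-list extended wizard-ics
  permit ip any any
ip access-list extended web-acl-11
  permit tcp any any eq www
!
ip policy-class Public
  allow list SIP self
  allow list web-acl-10 self
  nat source list wizard-ics interface eth 0/0 overload
  allow list web-acl-11
"""
ENTRY = re.compile(r"(allow|discard|nat source|nat destination) list (\S+)(.*)")

def parse(config):
    """Return (acls, policies): block name -> list of its indented sub-commands."""
    acls, policies, bucket = {}, {}, None
    for raw in config.splitlines():
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)\s*$", raw):
            bucket = acls.setdefault(m.group(1), [])
        elif m := re.match(r"ip policy-class (\S+)\s*$", raw):
            bucket = policies.setdefault(m.group(1), [])
        elif not raw.startswith(" "):
            bucket = None          # "!" or any other top-level command ends the block
        elif bucket is not None:
            bucket.append(raw.strip())
    return acls, policies

def audit(config, policy="Public"):
    """Walk the policy-class in order (first match wins) and return findings."""
    acls, policies = parse(config)
    findings, catch_all = [], None
    for m in filter(None, map(ENTRY.match, policies.get(policy, []))):
        action, acl, rest = m.groups()
        if catch_all:
            findings.append(("shadowed", acl, f"unreachable below '{catch_all}'"))
        elif action == "allow" and rest.split()[:1] == ["self"]:
            findings.append(("self-exposed", acl, "admits matching traffic to the unit itself"))
        elif acls.get(acl, [])[:1] == ["permit ip any any"]:
            catch_all = m.group(0)  # every entry after this one can never match
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the two `self` entries and the unreachable `web-acl-11` entry; an ACL counts as catch-all here only when its first rule is `permit ip any any`.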
Good morning guys,
Just to let you know that everything is working fine. I had to update the Polycom IP550 firmware because it was too old.
Thanks again for your excellent support,
comdig01,
Thanks for letting us know everything is working. If you can, please return to this thread and mark any correct or helpful answers that assisted you. That will make the solutions easier for other members of the community to find.
Thanks,
Matt
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Matt
My issue is similar but different. I have the IP550 and it has been working fine for three years plus. I moved my home office to a new room in the home, connected the IP550 to the new modem and it states "failed to get boot parameters via DHCP". I took the phone back to the old office and it works fine. One person suggested the cables are not completely connected but that has been checked. The modem is allowing me to access the internet so the modem is working. Please help. Currently running a 25ft cord back to the old office until I can get this fixed.
Typically when you get that error, it could be a vlan issue. What VLAN is the phone learning from the 7100 for the voice VLAN?
I assume you are having two different modems in the two offices?
Is that phone configured as a local or remote phone?
-Mark