Ssl connection failure, General phone errors and behaviors, Ike and ipsec negotiation failures – Avaya 4600 User Manual

Troubleshooting

24 Administrator Guide

SSL Connection Failure

●

Confirm security device is accepting SSL connections

This requires access to the device’s Web interface or SSH access.

General Phone Errors and Behaviors

●

Contact DHCP/TFTP administrator, L2Q parms in option 43/176 or xxx.SCR script file.

The VPNremote Phone is experiencing a looping condition. This condition is caused by the
gateway IP address being set to 0.0.0.0. Change the device IP address to the static security
device IP address or DHCP.

●

Loading ……. is not seen during startup and mute light flashes.

Check the bootcode version. Older version such as 1.9x is not compatible with the latest
software version.

IKE and IPSec Negotiation Failures

●

Enable IKE Logging on the security device

●

Perform TCP dumps from the security device console/SSH connection.

Phone fails to register

●

Confirm the VPN tunnel was built

1. Check if the security associations (SA) are built on security device under Monitor/VPN

from the Web interface.

2. When the VPN Phone starts, does it access the TFTP server through the VPN tunnel. If it

does then the tunnel is up to that network. Check to see if the call server is on the same
subnet as the TFTP server. If configured IP group in SG covers both address, then
access should be available.

●

Perform a tTCP dump on interfaces of the central security device. Check to see if the esp
packets are arriving from the phone during the time it should be registering.

1. If not Check the L3 Audio and Signaling values. If set to 46/34, change to zero and restart

phone and check tcpdump.

2. If TOS bits are being copied to esp packet on the security device side, Communication

Manager configuration may need to be changed. The above may be require when ISPs
block TOS marked packets.