Forum Discussion

Bardak00_219670's avatar
Bardak00_219670
Icon for Nimbostratus rankNimbostratus
Aug 20, 2018
Solved

Alcatel IP Desk Phone Through APM (TFTP)

Hello All

 

Im trying to get the Alcatel IP desk phone software working through a F5 Acces Policy Manager remote access VPN connection using the F5 client.

 

From what i can see the IP Desk Phone tries to establish a TFTP connection to the PABX but the configuration file the phone needs does not come across.

 

The packet cap is below

 

The PABX is 10.17.255.3. And 10.16.246.54 is the client address as connected through the VPN Tunnel

 

14:27:34.452972 IP 10.16.246.54.57815 > 10.17.255.3.tftp: 58 RRQ "lanpbx.cfg" octet blksize 1428 timeout 5 tsize 0 tsize 0 out slot1/tmm0 lis=_tmm_apm_fwd_vip 14:27:34.457704 IP 10.17.255.3.10076 > 10.16.246.54.57815: UDP, length 25 in slot1/tmm2 lis= 14:27:34.457874 IP 10.16.246.54 > 10.17.255.3: ICMP net 10.163.246.54 unreachable, length 36 out slot1/tmm0 lis=

 

The Alcatel OpenTouch VoiP soft phone works fine but this does not use TFTP to setup the phone so there must be something I'm missing in getting TFTP traffic to work through APM.

 

Any assistance would be appreciated.

 

  • Sorry about the delayed response guys but got this working now, what it ended up being is we are using multiple route domains, the connectivity profile and Virtual server was attached to route domain 0 and the access policy was using route domain 2.

     

    I created a new connectivity profile and attached it to the route domain 2 then updated the virtual server to use this connectivity profile and it all worked.

     

    I'm still not sure why the connectivity profile would only cause TFTP traffic not to function properly I would of thought it would of broken everything, maybe somebody who understands connectivity profiles in depth can explain this?

     

    But anyway all sorted now thanks guys.

     

4 Replies

  • When you say the Alcatel IP desk phone software I assumed it was a softphone but you later say the Alcatel OpenTouch VoiP soft phone works fine so I'll assume we're working with a traditional voip phone that daisy chains PC->VoIP_Phone->Switch.

     

    In a traditional enterprise design, the voip phone is unaware of the routes installed on your PC as it is using its own VLAN to directly connect to the LAN. If the LAN doesn't know how to route to the TFTP server, the communication will fail.

     

  • APM supports any ip v4 protocols like tcp, udp and icmp.

     

    TFTP is a service running on UDP protocol, so it may work!

     

    If the soft phone works except this TFTP service, it means there is no issue with UDP

     

    Did you configure split tunnel in your vpn?

     

    Is there a route on bigip to the TFTP server?

     

    Are you able to ping the TFTP server?

     

  • Sorry about the delayed response guys but got this working now, what it ended up being is we are using multiple route domains, the connectivity profile and Virtual server was attached to route domain 0 and the access policy was using route domain 2.

     

    I created a new connectivity profile and attached it to the route domain 2 then updated the virtual server to use this connectivity profile and it all worked.

     

    I'm still not sure why the connectivity profile would only cause TFTP traffic not to function properly I would of thought it would of broken everything, maybe somebody who understands connectivity profiles in depth can explain this?

     

    But anyway all sorted now thanks guys.

     

  • MatBel's avatar
    MatBel
    Icon for Nimbostratus rankNimbostratus

    You must enable the Preserve Source Port Strict setting:

    https://support.f5.com/csp/article/K16680