Does the cable modem provider offer a voice service? ============================ Tony Graziano, Manager Telephone: 434.984.8430 Fax: 434.984.8431
Email: tgrazi...@myitdepartment.net LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ ----- Original Message ----- From: sipx-users-boun...@list.sipfoundry.org <sipx-users-boun...@list.sipfoundry.org> To: Discussion list for users of sipXecs software <sipx-users@list.sipfoundry.org> Sent: Tue Sep 21 12:01:58 2010 Subject: Re: [sipx-users] SRV records for ftp OK, I think I'm down to my last issue. What works: * I can place incoming calls from the PSTN through flowroute * From the PSTN, I can dial the remote extension from the auto attendant and audio works in both directions What does not * I can dial out to the PSTN from the remote extension and I have audio from the person called, but no audio from the remote. The last problem exists regardless of what I physically do on the remote end. I have tried the remote phone behind 3 different routers. I have tried having the phone behind VPN and not behind VPN (outbound proxy on phone was always set to the local WAN in both cases). I even tried plugging the phone directly into the cable modem so no router/firewall is involved and the phone's IP was the remote WAN. The same problem exists regardless of what I do. This leads me to the conclusion that it is not a remote SIP ALG or firewall issue. * The pubic IP setting under Server-->NAT is set to the local WAN * Under Internet Calling-->NAT both boxes are checked * Intranet Domains is set to the correct domain * Intranet Subnets is set the company's LAN subnet in the following format: xxx.xxx.xxx.0/24 * SIP ALG is turned off on the local sonicwall * firewall rules and NAT rules are in place Any clues? Stiles Tony Graziano wrote: > > > On Mon, Sep 20, 2010 at 2:19 PM, Stiles Watson <wat...@datatek-net.com > <mailto:wat...@datatek-net.com>> wrote: > > See response below: > > Tony Graziano wrote: > > When you generate a profile, it creates the configuration files the > > phone needs. > > > > When you get a 0x error on booting a polycom it is usually > because the > > profile is there or there is a firmware you are trying to send the > > phone that is not compatible. then you see it constantly reboot and > > repeat the cycle. > > > > YOU MUST send the profile (even if the phone is not plugged in) > or the > > phone cannot pick it up. That's how the configs are generated. > (all of > > this is in the book, btw). > Thanks, understood. > > > > If you have no audio, you should ensure the registration is > occurring > > properly in sipxconfig > > > > it should give you the real IP address of the remote firewall with a > > private contact address of the phone (phone internal ip address). > I'm assuming when you say real IP you mean the remote WAN > IP. If > that is true then, yes that is how the registration appears under > Diagnostics-->Registrations. > > > > if you are having audio issues, you must ENSURE the SPI (stateful > > packet filtering) and SIP ALG is turned off on the remote firewall. > > you must also ensure the server is set to behind nat, remote > users are > > enabled, and that your intranet subnets are properly defined. > * Remote SPI is off > * as far as I am aware DD-WRT (v24 (05/24/08) vpn -- not voip) > has no SIP ALG > * Server behind NAT is checked > * remote users are enabled > * For intranet subnets, does the remote user's subnet have > to be > added? I'm assuming so, but I just want to be sure. > > No. Only if it is on WAN or VPN (route to it without NAT) should it be > added there. > > The sipx server page should also have your NAT setting with the public > facing ip of sipx configured. > > Independently ddwrt may have sipxroxd or milkfish compiled with it, so > you ought to check on that and make sure it is disabled... > > > Still does not work, but I'll keep digging. > > Stiles > > > > On Mon, Sep 20, 2010 at 1:37 PM, Stiles Watson > <wat...@datatek-net.com <mailto:wat...@datatek-net.com> > > <mailto:wat...@datatek-net.com <mailto:wat...@datatek-net.com>>> > wrote: > > > > you wrote, "Is it just this hard for you?" > > > > I'm not sure how to take that. > > > > Anyway, I did as you said and clicked "Send Profiles." The > job failed > > due to timeout, but it must have generated all the files, > because > > on the > > next reboot, the phone registered - via tftp! > > > > I know you think it's easier to use FTP, but I have to work > within the > > resources and limitations I have. > > > > Thanks again for your help and insight. > > > > BTW, I can dial another extension, but I get no audio. I'll > try do dig > > that out on my own via the book, the wiki and the archives > before I > > bother anyone else. > > > > Stiles > > > > > > Tony Graziano wrote: > > > Go to the phone in sipxconfig and generate (push) profile > to the > > phone. A > > > reboot of the phone is not necessary. > > > > > > Is it just this hard for you? > > > > > > Hopefully you don't have a version of firmware earlier than > > 3.2.1. A 335 is > > > a difficult phone to deploy remotely with a polycom r.e > bug. If > > I were you > > > I'd turn off any device files (inactivate) so you aren't > > mistakenly trying > > > to push an ealier version. > > > ============================ > > > Tony Graziano, Manager > > > Telephone: 434.984.8430 > > > Fax: 434.984.8431 > > > > > > Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> > > > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > > Telephone: 434.984.8426 > > > Fax: 434.984.8427 > > > > > > Helpdesk Contract Customers: > > > http://www.myitdepartment.net/gethelp/ > > > > > > ----- Original Message ----- > > > From: sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org> > > <mailto:sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org>> > > > <sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org> > > <mailto:sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org>>> > > > To: Discussion list for users of sipXecs software > > > <sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>>> > > > Sent: Mon Sep 20 13:06:57 2010 > > > Subject: Re: [sipx-users] SRV records for ftp > > > > > > That is very true. > > > > > > Interesting development: I pulled down the polycom ip 335 > admin > > guide > > > and on the top of page 41 (3-5) there is the following note: > > > > > > "Setting Option 66 to tftp://192.168.9.10 > <http://192.168.9.10> <http://192.168.9.10> > > has the effect of forcing a > > > TFTP download. Using a TFTP URL (for example, > > > tftp://provserver.polycom.com > <http://provserver.polycom.com> <http://provserver.polycom.com>) > > has the same effect." > > > > > > So, I manually configed the phone and set the "Server Type" to > > > "TrivalFTP," and set the "Server Address" to > > "tftp://24.106.178.178 <http://24.106.178.178> > <http://24.106.178.178>" > > > (the WAN), opened the firewall to allow tftp traffic to > the sipxecs > > > subnet, added appropriate NAT policies, rebooted the phone > and ... > > > > > > I get "Config file error Error is 0x20" and the phone > continuously > > > reboots. On reboot, the phone displays "Updating Config," gets > > an IP, > > > displays the error and the process starts all over again. > > > > > > I'm assuming this means it actually tried to get a file > from the > > server > > > and there is either something wrong with the file or no > file was > > found, > > > but that is just a guess. Based on this assumption, I > executed a > > find > > > for the MAC.cfg on the server, but nothing was found, > which seems > > > incorrect. > > > > > > Am I getting closer or just spinning my wheels? > > > > > > Stiles > > > > > > > > > Tony Graziano wrote: > > > > > >> You changes the sip password in sipxconfig since the phone > > loaded its > > >> profile last. > > >> ============================ > > >> Tony Graziano, Manager > > >> Telephone: 434.984.8430 > > >> Fax: 434.984.8431 > > >> > > >> Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> > > >> > > >> LAN/Telephony/Security and Control Systems Helpdesk: > > >> Telephone: 434.984.8426 > > >> Fax: 434.984.8427 > > >> > > >> Helpdesk Contract Customers: > > >> http://www.myitdepartment.net/gethelp/ > > >> > > >> ----- Original Message ----- > > >> From: sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org> > > <mailto:sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org>> > > >> <sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org> > > <mailto:sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org>>> > > >> To: Discussion list for users of sipXecs software > > >> <sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>>> > > >> Sent: Mon Sep 20 12:02:33 2010 > > >> Subject: Re: [sipx-users] SRV records for ftp > > >> > > >> The registration request is getting to sipx. I turned the > > logging level > > >> to DEBUG, restarted the services and executed following: > > >> > > >> tail -f /var/log/sipxpbx/sipXproxy.log | grep "REGISTER > sip" | grep > > >> "1...@datatek-net.com <mailto:1...@datatek-net.com> > <mailto:1...@datatek-net.com <mailto:1...@datatek-net.com>>" > > > regdebug141.log > > >> > > >> After the polycom reboot completed, I executed > > >> > > >> wc -l regdebug141.log > > >> > > >> and received "17 regdebug141.log" as the result. I then > executed > > >> > > >> grep -i received regdebug141.log | wc -l > > >> > > >> with a result of '9'. When I tail > > /var/log/sipxpbx/sipregistrar.log I > > >> see the following: > > >> > > >> > > > > "2010-09-20T15:19:11.048702Z":33020:AUTH:DEBUG:sipx.datatek-net.com:SipRegistrarServer:B6C81B90:SipRegistrar:"SipRegistrarServer::isAuthorized > > >> fromNameAddr='\"Stiles > > >> Watson\"<sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>>;tag=1F8AD21E-973871A1', > > >> toUri='sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>', realm='datatek-net.com > <http://datatek-net.com> > > <http://datatek-net.com>'" > > >> > > > > "2010-09-20T15:19:11.051052Z":33028:AUTH:ERR:sipx.datatek-net.com:SipRegistrarServer:B6C81B90:SipRegistrar:"Response > > >> auth hash does not match (bad password?) > > toUri='sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>' > > >> requestUser='141/0004f22d79be' > > >> requestNonce='473b74442d2dcf443a0823b9dbbdefaa4c977b6e' > > >> uriParam='sip:datatek-net.com:5060 > <http://datatek-net.com:5060> > > <http://datatek-net.com:5060>' passTokenDB='6qk50suJ' > > >> authTypeDB='DIGEST'" > > >> > > >> > > > > "2010-09-20T15:19:11.052127Z":33030:SIP:DEBUG:sipx.datatek-net.com:SipRegistrarServer:B6C81B90:SipRegistrar:" > > >> ---------------------------------- > > >> Sending final response > > >> SIP/2.0 401 Unauthorized > > >> From: \"Stiles Watson\" <sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>>;tag=1F8AD21E-973871A1 > > >> To: <sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>>;tag=50CQ8f > > >> Call-Id: 653dce0e-9a15011-6ecf0...@192.168.16.102 > <mailto:653dce0e-9a15011-6ecf0...@192.168.16.102> > > <mailto:653dce0e-9a15011-6ecf0...@192.168.16.102 > <mailto:653dce0e-9a15011-6ecf0...@192.168.16.102>> > > >> Cseq: 2 REGISTER > > >> Via: SIP/2.0/TCP > > >> > > > > 24.106.178.178:5060;branch=z9hG4bK-XX-131f715siA6jenamQxLO0Tevfg;received=192.168.25.11;rport=54527 > > >> Via: SIP/2.0/UDP > > >> > > > > 192.168.16.102;branch=z9hG4bK6e5a416f288A684A;received=75.189.229.254;rport=5060 > > >> Www-Authenticate: Digest realm=\"datatek-net.com > <http://datatek-net.com> > > <http://datatek-net.com>\", > > >> nonce=\"9406c4cb79ee436c0cfd9b2082a412444c977b6f\", > qop=\"auth\" > > >> User-Agent: sipXecs/4.2.1 sipXecs/registry (Linux) > > >> Content-Length: 0" > > >> > > >> > > > > "2010-09-20T15:19:11.061815Z":33038:OUTGOING:INFO:sipx.datatek-net.com:SipRegistrarServer:B6C81B90:SipRegistrar:"SipUserAgent::sendTcp > > >> TCP SIP User Agent sent message: > > >> ----Local Host:192.168.25.11---- Port: -1---- > > >> ----Remote Host:192.168.25.11---- Port: 54527---- > > >> SIP/2.0 401 Unauthorized > > >> From: \"Stiles Watson\" <sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>>;tag=1F8AD21E-973871A1 > > >> To: <sip:1...@datatek-net.com > <mailto:sip%3a...@datatek-net.com> > > <mailto:sip%3a...@datatek-net.com > <mailto:sip%253a...@datatek-net.com>>>;tag=50CQ8f > > >> Call-Id: 653dce0e-9a15011-6ecf0...@192.168.16.102 > <mailto:653dce0e-9a15011-6ecf0...@192.168.16.102> > > <mailto:653dce0e-9a15011-6ecf0...@192.168.16.102 > <mailto:653dce0e-9a15011-6ecf0...@192.168.16.102>> > > >> Cseq: 2 REGISTER > > >> Via: SIP/2.0/TCP > > >> > > > > 24.106.178.178:5060;branch=z9hG4bK-XX-131f715siA6jenamQxLO0Tevfg;received=192.168.25.11;rport=54527 > > >> Via: SIP/2.0/UDP > > >> > > > > 192.168.16.102;branch=z9hG4bK6e5a416f288A684A;received=75.189.229.254;rport=5060 > > >> Www-Authenticate: Digest realm=\"datatek-net.com > <http://datatek-net.com> > > <http://datatek-net.com>\", > > >> nonce=\"9406c4cb79ee436c0cfd9b2082a412444c977b6f\", > qop=\"auth\" > > >> User-Agent: sipXecs/4.2.1 sipXecs/registry (Linux) > > >> Date: Mon, 20 Sep 2010 15:19:11 GMT > > >> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, REGISTER, > > SUBSCRIBE > > >> Accept-Language: en > > >> Supported: gruu, path > > >> Content-Length: 0 > > >> > > >> --------------------END--------------------" > > >> > > >> I've tripple-checked the SIP pasword and it is correct. > So I'm > > guessing > > >> "Response auth hash does not match (bad password?)" from > the debug > > >> statement is referring to something else. > > >> > > >> Stiles > > >> > > >> Tony Graziano wrote: > > >> > > >> > > >>> If it has a valid config file and the remoe firewall has spi > > and sip alg > > >>> off > > >>> and your sonicwall is not getting in thje way, yes. > > >>> ============================ > > >>> Tony Graziano, Manager > > >>> Telephone: 434.984.8430 > > >>> Fax: 434.984.8431 > > >>> > > >>> Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> > > >>> > > >>> LAN/Telephony/Security and Control Systems Helpdesk: > > >>> Telephone: 434.984.8426 > > >>> Fax: 434.984.8427 > > >>> > > >>> Helpdesk Contract Customers: > > >>> http://www.myitdepartment.net/gethelp/ > > >>> > > >>> ----- Original Message ----- > > >>> From: sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org> > > <mailto:sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org>> > > >>> <sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org> > > <mailto:sipx-users-boun...@list.sipfoundry.org > <mailto:sipx-users-boun...@list.sipfoundry.org>>> > > >>> To: Discussion list for users of sipXecs software > > >>> <sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>>> > > >>> Sent: Mon Sep 20 07:50:59 2010 > > >>> Subject: Re: [sipx-users] SRV records for ftp > > >>> > > >>> Still working through the options you've given me, but the > > Polysom should > > >>> be able to register remotely without ftp if everything > is configed > > >>> correctly, right? > > >>> > > >>> Stiles > > >>> > > >>> On Fri, 17 Sep 2010 20:43:24 -0400, Tony Graziano > > >>> <tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>>> wrote: > > >>> > > >>> > > >>> > > >>>> By the way... the first sentence in this thread is: > > >>>> "OK Tony, shoot me down:" > > >>>> > > >>>> It's actually the IETF and Polycom who did the shooting > here... > > >>>> IETF should write two papers on an RFC. Once for engineers, > > and one for > > >>>> everyone else instead of trying to deciper what they mean > > with loosely > > >>>> selected verbs. > > >>>> Polycom (like a lot of hardware manufacturers) should > state, > > this works > > >>>> for this, that works for that, and not you can't mix and > > match ip's and > > >>>> ports, we like it this way... it wouldn't be that hard. > > >>>> On Fri, Sep 17, 2010 at 7:02 PM, Tony Graziano wrote: > > >>>> Realize the Aastra is a different client, and "how" the > > manufacturer > > >>>> implements a protocol is VERY different from another one... > > >>>> FTP is the way to do it, and these days PASV FTP is pretty > > much needed > > >>>> > > >>>> > > >>>> > > >>> to > > >>> > > >>> > > >>> > > >>>> do bootrom updates with Polycom. Even in their http/https > > provisioning > > >>>> they won't do bootrom and firmware over https, only > http. So > > it's not as > > >>>> simple as "just make sipx use https", it would have to do > > both. Add to > > >>>> that Polycom is constantly changing their config file > format, > > >>>> > > >>>> > > >>>> > > >>> parameters, > > >>> > > >>> > > >>> > > >>>> arguments, etc. FTP works, so that's what I suggest to do. > > >>>> Can you get another IP and add it to the firewall (even if > > just for > > >>>> ftp)...? > > >>>> > > >>>> On Fri, Sep 17, 2010 at 6:26 PM, Stiles Watson wrote: > > >>>> Thanks, you are a wealth of info! I'll try the several > > options you've > > >>>> given me. > > >>>> > > >>>> FYI, I had an Aastra 67301i auto provisioning with trixbox > > CE via TFTP. > > >>>> The phone made its request to the public IP and all I > had to > > do on the > > >>>> local firewall was open the port for WAN to trixbox subnet > > and create > > >>>> the NAT rules to send the request to the trixbox > server. No > > remote > > >>>> firewall config had to be done. > > >>>> > > >>>> Stiles > > >>>> > > >>>> Tony Graziano wrote: > > >>>> > Crap. That's a loaded question. > > >>>> > > > >>>> > It all in the protocol, and ANY nat translation. > > >>>> > > > >>>> > TFTP (nothing to do with sipx, its the nature of tftp) > > must use a > > >>>> > pseudo random port or your remote firewall must have > a way > > to punch > > >>>> > through udp in NAT mode, which is not the same as > ANY NAT > > >>>> > > >>>> > > >>>> > > >>> translation, > > >>> > > >>> > > >>> > > >>>> > which means it is inherently PASV, but the typical tftpd > > in linux > > >>>> > > >>>> > > >>>> > > >>> does > > >>> > > >>> > > >>> > > >>>> > not have the ability to specify PORTS. It's like > PASV FTP, > > where port > > >>>> > 21 is the control channel, but in vsftpd you specify the > > ports where > > >>>> > the requests for data is coming from. It is more likely > > the remote > > >>>> > firewall (try putting the phone IP as a DMZ host just to > > see if tftp > > >>>> > works). I don't fiddle much with home based routers, > > they're a pain. > > >>>> > > > >>>> > http://www.rfc-editor.org/rfc/rfc3489.txt [3] > > >>>> > > > >>>> > It makes me need a drink, and its why I use FTP for > remote > > phones. > > >>>> > > > >>>> > There is a way to get that to work, but you must > have the > > required > > >>>> > items (port translation, and that pattern is full). > > >>>> > > > >>>> > > > >>>> > On Fri, Sep 17, 2010 at 5:55 PM, Stiles Watson > wrote: > > >>>> > > > >>>> > Well, not so happy about that. > > >>>> > > > >>>> > Thanks for the explanation though. > > >>>> > > > >>>> > So ... why can I not use TFTP? > > >>>> > > > >>>> > Stiles > > >>>> > > > >>>> > Tony Graziano wrote: > > >>>> >> Er.. Bang? > > >>>> >> > > >>>> >> I could assume the FTP NAT/PAT (NAT with port > > translation) from > > >>>> >> 21 to 844 would work... > > >>>> >> > > >>>> >> PHONE--(grab file at > > >>>> >> ftp://1.2.3.4:8444 [6])INTERNET > 192.168.2.2:21 <http://192.168.2.2:21> > > <http://192.168.2.2:21> [7] , > > >>>> sending it on>>--vsftpd > > >>>> >> > > >>>> >> 1. I don't think the polycom is sophisticated > enough > > to do any > > >>>> >> type of DNS lookup other than hostname or IP > for ftp, > > so the > > >>>> SRV > > >>>> >> record is not useful, you're better off > removing it. > > >>>> >> 2. The remote phone must be hardcoded > > >>>> >> (menu>advanced>servermenu>ftp ftp port BUT the > > >>>> >> polycom doesn't allow you to change the PORT. > > >>>> >> > > >>>> >> If the SRV records do work, you should alter vsftpd > > to run on > > >>>> >> that port anyway, but I am doubtful that is > functional. > > >>>> >> > > >>>> >> > > >>>> > > >>>> > > >>>> > > >>>> > > >>> > > > > http://www.polycom.com/global/documents/support/setup_maintenance/products/voice/spip_ssip_Admin_Guide_SIP_3_1.pdf > > >>> > > >>> > > >>> > > >>>> [9] > > >>>> >> > > >>>> >> 3-9 and 3-10 pretty much tell me a hostname or > IP is > > all they > > >>>> >> accept. The protocols are perhaps > non-negotiable for > > >>>> provisioning > > >>>> >> to alter the port with the exception of the "120" > > option, which > > >>>> >> is a string, though the polycom may not handle > > parsing the > > >>>> >> ip:port part of it as it has very limited logic at > > bootup. > > >>>> >> > > >>>> >> Don't assume when they say ftps they mean ftp over > > ssh, its > > >>>> not, > > >>>> >> it means ssl is configured and running on your ftp > > server, but > > >>>> >> still running on port 21. So you either need to > > "change" the > > >>>> NAT > > >>>> >> on your firewall and see if the PASV config setting > > work and > > >>>> the > > >>>> >> phone provisions remotely, then decide how you want > > to proceed. > > >>>> >> > > >>>> >> Bootrom changes pretty much force a > "non-active" FTP > > server to > > >>>> be > > >>>> >> out of the picture (really, in the document link > > above, go > > >>>> >> figure), which means you can upgrade firmware and > > config but > > >>>> not > > >>>> >> bootrom after a certain version is loaded. So > thanks > > Doug for > > >>>> >> pushing on this one. > > >>>> >> > > >>>> >> I think Polycom is REAL FUZZY on this, because > they don't > > >>>> >> EXPLICITLY state the following: > > >>>> >> > > >>>> >> FTP or FTPS means PORT 21, no exceptions! (etc. for > > ftfp, http > > >>>> on > > >>>> >> port 80 https on 443, etc. > > >>>> >> PASV FTP requires the following commands to be > > available on the > > >>>> >> FTP server (and provide the fracking list!). > > >>>> >> > > >>>> >> I am real doubtful you can put in a "120" > string and do > > >>>> >> "ftp://1.2.3.4:8444 [10]", but heck maybe you > can and > > I'm just > > >>>> too > > >>>> >> lazy to try? > > >>>> >> > > >>>> >> So this means you can test with what you got but > > rearrange the > > >>>> >> firewall, push your configs, and then change it > > back... or get > > >>>> >> another public IP on your firewall for this... > > >>>> >> > > >>>> >> > > >>>> >> > > >>>> >> > > >>>> >> > > >>>> >> On Fri, Sep 17, 2010 at 5:19 PM, Stiles Watson > > >>>> >> wrote: > > >>>> >> > > >>>> >> OK Tony, shoot me down: > > >>>> >> > > >>>> >> I'm attempting to do what you suggested and > use FTP > > >>>> instead > > >>>> >> of TFTP for > > >>>> >> remote provisioning the Polycom IP 335. The > > problem is > > >>>> that > > >>>> >> we already > > >>>> >> use FTP and we can not move our customer facing > > FTP to > > >>>> >> another port. I > > >>>> >> figured I could just configure the phone to use > > ftp on > > >>>> >> another port - > > >>>> >> but i was wrong (at least I could not find an > > place to do > > >>>> it). > > >>>> >> > > >>>> >> Therefore, my solution: > > >>>> >> > > >>>> >> * setup an SRV record to point to the > > non-standard ftp > > >>>> port > > >>>> >> (8444) > > >>>> >> > > >>>> >> ** _ftp._tcp.datatek-net.com > <http://tcp.datatek-net.com> > > <http://tcp.datatek-net.com> [13] . > > >>>> >> 7200 IN SRV 0 0 8444 > datatek-net.com <http://datatek-net.com> > > <http://datatek-net.com> [15] > > >>>> >> . > > >>>> >> > > >>>> >> ** this SRV record was created on the > primary DNS > > for our > > >>>> >> domain and not > > >>>> >> on the DNS server running on the sipX box as it > > is behind > > >>>> NAT. > > >>>> >> > > >>>> >> * configured the phone to use FTP and use > the SRV > > url as > > >>>> the > > >>>> >> server ( > > >>>> >> _ftp._tcp.datatek-net.com > <http://tcp.datatek-net.com> > > <http://tcp.datatek-net.com> [17] ) > > >>>> >> > > >>>> >> * configured the firewall to allow (8444) > traffic > > from > > >>>> WAN to > > >>>> >> the sipX > > >>>> >> subdomain > > >>>> >> > > >>>> >> * created a PAT policy to translate port 8444 > > coming into > > >>>> the > > >>>> >> WAN to > > >>>> >> port 21 and forwarded it to the sipX server. > > >>>> >> > > >>>> >> I also configed vsftp.conf via your xx-8904 > > ticket as you > > >>>> >> suggested. > > >>>> >> > > >>>> >> But ... it still does not work. > > >>>> >> > > >>>> >> By the way, I bought the e-book yesterday > and am > > finding > > >>>> it > > >>>> >> very helpful. > > >>>> >> > > >>>> >> Stiles > > >>>> >> _______________________________________________ > > >>>> >> sipx-users mailing list > > >>>> >> sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> [19] > > >>>> >> > > >>>> >> List Archive: > > >>>> http://list.sipfoundry.org/archive/sipx-users/ [21] > > >>>> >> > > >>>> >> > > >>>> >> > > >>>> >> > > >>>> >> -- > > >>>> >> ====================== > > >>>> >> Tony Graziano, Manager > > >>>> >> Telephone: 434.984.8430 > > >>>> > > >>>> > > >>>> > > >>> begin_of_the_skype_highlighting 434.984.8430 > > >>> end_of_the_skype_highlighting > > >>> > > >>> > > >>> > > >>>> >> sip: tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net> > > <mailto:tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net>> [22] > > >>>> >> > > >>>> >> Fax: 434.984.8431 > > >>>> >> > > >>>> >> Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> [24] > > >>>> >> > > >>>> >> > > >>>> >> LAN/Telephony/Security and Control Systems > Helpdesk: > > >>>> >> Telephone: 434.984.8426 > > >>>> >> sip: helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net> > > <mailto:helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net>> [26] > > >>>> >> > > >>>> >> Fax: 434.984.8427 > > >>>> >> > > >>>> >> Helpdesk Contract Customers: > > >>>> >> http://www.myitdepartment.net/gethelp/ [28] > > >>>> >> > > >>>> >> Why do mathematicians always confuse Halloween and > > Christmas? > > >>>> >> Because 31 Oct = 25 Dec. > > >>>> >> > > >>>> >> > > >>>> > > > ------------------------------------------------------------------------ > > >>>> >> _______________________________________________ > > sipx-users > > >>>> >> mailing list sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> [29] > > >>>> >> List Archive: > > >>>> >> http://list.sipfoundry.org/archive/sipx-users/ [31] > > >>>> > > > >>>> > > > >>>> > _______________________________________________ > > >>>> > sipx-users mailing list > > >>>> > sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> [32] > > >>>> > List Archive: > > http://list.sipfoundry.org/archive/sipx-users/ > > >>>> [34] > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> > -- > > >>>> > ====================== > > >>>> > Tony Graziano, Manager > > >>>> > Telephone: 434.984.8430 > > >>>> > sip: tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net> > > <mailto:tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net>> [35] > > >>>> > > > >>>> > Fax: 434.984.8431 > > >>>> > > > >>>> > Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> [37] > > >>>> > > > >>>> > LAN/Telephony/Security and Control Systems Helpdesk: > > >>>> > Telephone: 434.984.8426 > > >>>> > sip: helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net> > > <mailto:helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net>> [39] > > >>>> > > > >>>> > Fax: 434.984.8427 > > >>>> > > > >>>> > Helpdesk Contract Customers: > > >>>> > http://www.myitdepartment.net/gethelp/ [41] > > >>>> > > > >>>> > Why do mathematicians always confuse Halloween and > Christmas? > > >>>> > Because 31 Oct = 25 Dec. > > >>>> > > > >>>> > > > >>>> > > > ------------------------------------------------------------------------ > > >>>> > > > >>>> > _______________________________________________ > > >>>> > sipx-users mailing list > > >>>> > sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> [42] > > >>>> > List Archive: > > http://list.sipfoundry.org/archive/sipx-users/ [43] > > >>>> > > >>>> _______________________________________________ > > >>>> sipx-users mailing list > > >>>> sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> [44] > > >>>> List Archive: > http://list.sipfoundry.org/archive/sipx-users/ > > [45] > > >>>> > > >>>> -- > > >>>> ====================== > > >>>> Tony Graziano, Manager > > >>>> Telephone: 434.984.8430 > > >>>> sip: tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net> > > <mailto:tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net>> [46] > > >>>> Fax: 434.984.8431 > > >>>> > > >>>> Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> [47] > > >>>> > > >>>> LAN/Telephony/Security and Control Systems Helpdesk: > > >>>> Telephone: 434.984.8426 > > >>>> sip: helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net> > > <mailto:helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net>> [48] > > >>>> Fax: 434.984.8427 > > >>>> > > >>>> Helpdesk Contract Customers: > > >>>> http://www.myitdepartment.net/gethelp/ [49] > > >>>> > > >>>> Why do mathematicians always confuse Halloween and > Christmas? > > >>>> Because 31 Oct = 25 Dec. > > >>>> > > >>>> > > >>>> > > >>> _______________________________________________ > > >>> sipx-users mailing list > > >>> sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > >>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > >>> _______________________________________________ > > >>> sipx-users mailing list > > >>> sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > >>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > >>> > > >>> > > >>> > > >>> > > >>> > > >> _______________________________________________ > > >> sipx-users mailing list > > >> sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > >> _______________________________________________ > > >> sipx-users mailing list > > >> sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > >> > > >> > > >> > > >> > > > > > > _______________________________________________ > > > sipx-users mailing list > > > sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > _______________________________________________ > > > sipx-users mailing list > > > sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > > > > > > > > > > > _______________________________________________ > > sipx-users mailing list > > sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > <mailto:sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org>> > > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > > > > > > > > -- > > ====================== > > Tony Graziano, Manager > > Telephone: 434.984.8430 > > sip: tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net> > > <mailto:tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net>> > > Fax: 434.984.8431 > > > > Email: tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net> > <mailto:tgrazi...@myitdepartment.net > <mailto:tgrazi...@myitdepartment.net>> > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > Telephone: 434.984.8426 > > sip: helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net> > > <mailto:helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net>> > > Fax: 434.984.8427 > > > > Helpdesk Contract Customers: > > http://www.myitdepartment.net/gethelp/ > > > > Why do mathematicians always confuse Halloween and Christmas? > > Because 31 Oct = 25 Dec. > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > sipx-users mailing list > > sipx-users@list.sipfoundry.org > <mailto:sipx-users@list.sipfoundry.org> > > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > _______________________________________________ > sipx-users mailing list > sipx-users@list.sipfoundry.org <mailto:sipx-users@list.sipfoundry.org> > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: tgrazi...@voice.myitdepartment.net > <mailto:tgrazi...@voice.myitdepartment.net> > Fax: 434.984.8431 > > Email: tgrazi...@myitdepartment.net <mailto:tgrazi...@myitdepartment.net> > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: helpd...@voice.myitdepartment.net > <mailto:helpd...@voice.myitdepartment.net> > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > Why do mathematicians always confuse Halloween and Christmas? > Because 31 Oct = 25 Dec. > > ------------------------------------------------------------------------ > > _______________________________________________ > sipx-users mailing list > sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/