Preview Tool

Cisco Bug: CSCuj71475 - Manual TFTP entry needed for IP Phone VPN

Last Modified

Aug 27, 2020

Products (1)

Known Affected Releases


Description (partial)

When setting up the SSL VPN to ASA using phone's built in VPN client, it is required to set the "Alternate TFTP" setting to "yes" and configure the TFTP server IP in the next entry in the IP phone Network configuration menu. Without explicitly setting this, the Cisco IP Phone will not be able to contact the TFTP server and download its configuration and other files and function properly. IP phone administration guides do not state this requirement.

A common symptom of not having alternate TFTP configured on a VPN connected phone is that the phone will not log missed, placed, or received calls.  After configuring an alternate TFTP, missed, placed, and received calls log properly under the phone's call history.

All IP phones supporting SSL VPN with their built in VPN client that are not provided the correct TFTP address via OPTION 150 from local DHCP server.

Related Community Discussions

VoIP over SSL VPN - Home user DHCP "next server ip address" field breaking phones
Ok, so I setup a Cisco SSL IP Phone VPN to an ASA5550. It works great, except for in 90% of my users houses, they have a DHCP server that is giving them "next server ip address" with the address of their Default gateway. The Cisco Phones are interpreting this as the TFTP server, so the phone pings the TFTP server, verifies connectivity, and does not initiate the VPN because the TFTP server responded. So the fix is to manually enter the TFTP server address on the phone, which means it is hard coded ...
Latest activity: Jan 08, 2017
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.