Cisco IP-Phone registration issue with Juniper Firewall
About half a year ago, I have one problem that IP-Phones were not registered to CUCM when I did migration project from Legacy PBX to Cisco IP-Phone. Only IP-Phones on remote site were failed for registration. On their screens, the message "Phone not registered" were shown. [NW Topology] CUCM --|MPLS| -- Main Office --|IPSEC-VPN| -- RemoteOffice * For IPSEC-VPN, both of end device is Juniper firewall. After several steps of troubleshoot, we found Juniper firewall drops some packets of SCCP. Later on, Cisco TAC also give us same conclusion.. We got a bit confused because for VPN tunnel, policy is configured as permit any any. But TAC said, even those case still some of SCCP is dropped. http://kb.juniper.net/InfoCenter/index?page=content&id=KB18226 We couldn't use workaround on above link since one of our Juniper Firewall is old one and cannot configure " unset alg sccp enable" on that (But it's not confirmed by my, but our firewall...
