VPN drops are one of many reports since everyone started working remotely two years ago. The reports of Cisco VPN drops don’t come in as frequent now but would say at least one person every week calls in minimum. Most cases it’s related to the users home internet.
For example, I have a user now reporting their desk phone will drop connection in the middle of a call. VPN on the phone will usually drop; sometimes it doesn’t, even though the call dropped. Finesse will lose connection “finesse failed to connect to the phone,”. Home internet speed tests appear to be in requirements. Issue started two days ago.
The solution from our level 3 support team is to send them a replacement, which doesn’t make much sense to me for how many we send out. Sometimes it works, but usually, it’s not a permanent fix. My thought is it has to be related to the users home internet, but when their speed tests come back in requirements it’s hard to push the user to work with their ISP. Any suggestions or insight would be appreciated.
Phone Model: CP-8841
Troubleshooting steps to reference -
- Home router-modem rebooted
- Reconnected Ethernet cable from phone to router
- Ethernet cable routed from phone to laptop was rerouted to connect the computer to the router instead of passing through the phone. (laptop does not experience VPN drops).
- Users speed tests 190mbps down, 8mbps up, 48 ping, 41 Jitter.
- Replaced Ethernet cable
Are you using AnyConnect Phone VPN on these or using MRA with Expressway? Using MRA is going to be the more preferred setup. The phone console logs and Anyconnect logs on the ASA should give some insight assuming you’re using Phone VPN now.
*Destination of users call should be investigated
*Logs on phone to be investigated
*Stability of home users connection (set a ping going to phone and to laptop <even thought the vpn doesn’t drop>)
*Consider (or experiment) with Expressways instead of VPN for phone registration and calls as it removes the VPN from the equation.
While I agree with others that MRA is likely a better option, have you checked for congestion at the organisation’s internet gateway/VPN head end?
What version of AnyConnect are you running? The user issue that you received today, did you pull logs?
Give the user a list of ports to verify with ISP. I found in the past ISP blocked specific voice ports ( begging of pandemic ) and will tell people they did not have the voip feature and that it will cost extra. Regardless, jut have them verify the ports in addition to the suggestions below.
https://community.cisco.com/t5/ip-telephony-and-phones/cucm-cuc-tcp-udp-port-requirements-for-an-ip-phone/td-p/4027155
Phone registration likely isn’t being renewed before it expires. This causes the device target to unregister. When the device target goes OOS Finesse kicks the user out.
t M
My org has this issue and this was the answer.
We were sending over 1gb data while the throughput limit was 1gb.