Best approach - EPM with Cisco SPA5XX series phones - remotely

Recently set up this office - it was my first time using the Cisco SPA509G phones. For the most part it’s worked quite well. The 15 local phones are configured and working well - with a few more tweaks needed.

However we need to provision two or three phones remotely. I’ve read a number of posts that say commercial EPM cannot do this - short of some ugly hacks that would prevent you from updating in the future.
EndPoint Manager and NAT

Using a VPN to connect would be ideal from what I’ve read - then EPM can just work as usual. This may work in one of the locations, but not the other as it has an older Netgear FVS114 router that has some legacy configuration I cannot touch and from what I can see it does not support OpenVPN.

Is there a recommended approach on how to handle this? I was thinking of using EPM to generate the spa.xml files under /tftpboot. Obviously the server address has to be changed to our external IP and maybe a few more things. But how to load it? Does that mean I then need a tftp server at the remote location?

Any ideas or hints on how to do this are appreciated.

Thank you - Richard

Did I post this in the wrong section of the forum?

I was hoping someone could at least give me some pointers on how to configure/manage a remote extension like this.

OK - for anyone else that might need to do this, here’s how I ended up getting this done - at least for now.

  1. In EPM cloned a template from one of my templates for local SPA509G phones.
  2. Adjusted the “Destination Address” to the outside IP of the FreePBX system.
  3. Set the Provision Server to be a PC at the local site.
  4. Use the Extension Mapping to create an entry for phone with the MAC address of the remote phone.
  5. Downloaded the following files/folders from the /tftpboot folder on the FreePBX server:
     • spa.xml
     • SPA509G.cfg
     • cisco
  6. Placed the downloaded files in folder c:\tftpboot on a computer at the remote office - e.g. with IP address 192.168.1.32.
  7. Installed tftpd32/64 on the PC and set it to just run the tftp server service, using the c:\tftpboot folder.
  8. Reset the Cisco SPA509G to factory defaults.
  9. Used the web interface on the SPA509G to set the “Profile Rule” on the Provisioning tab to “tftp://192.168.1.32/spa$MA.xml” - pretty much as you’d expect from the EPM instructions for this model phone.
  10. Rebooted the phone and watched it upgrade firmware and provision. It works.

For the remote offices that have static IPs I might try provisioning using HTTPS instead of TFTP. That would eliminate the manual copying of the xml files when updates occur. Not sure it’s worth the trouble though. We would need to open port 443 and add firewall rules that only allowed the remote office IPs access.

For a half dozen phones or less that can’t do VPN this seems doable.
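
Added example, not part of the original posts: files placed in a TFTP folder are served without authentication and in cleartext, so it is worth knowing what a profile carries before copying it to c:\tftpboot. This Python script audits one profile; the sample XML is constructed, and the element names (Password_1_, Admin_Passwd, Profile_Rule) are assumed from the SPA flat-profile format rather than taken from EPM's actual output.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample profile. Element names are an assumption based on the
# SPA flat-profile format; check them against the file EPM really generates.
SAMPLE_PROFILE = """<flat-profile>
  <Profile_Rule ua="na">tftp://192.168.1.32/spa$MA.xml</Profile_Rule>
  <Proxy_1_ ua="na">203.0.113.10</Proxy_1_>
  <User_ID_1_ ua="na">201</User_ID_1_>
  <Password_1_ ua="na">constructed-secret</Password_1_>
  <Admin_Passwd ua="na"></Admin_Passwd>
</flat-profile>"""

SECRET_TAG = re.compile(r"passwd|password", re.IGNORECASE)
CLEARTEXT_SCHEMES = ("tftp://", "http://")


def audit_profile(xml_text):
    """Return (finding, element) pairs for one phone profile.

    secret-present   : a credential any TFTP client on the LAN can read
    secret-empty     : a password field left blank (e.g. phone admin login)
    cleartext-resync : the phone will keep re-fetching its profile unencrypted
    Secret values themselves are never included in the output.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        value = (el.text or "").strip()
        if SECRET_TAG.search(el.tag):
            findings.append(("secret-present" if value else "secret-empty", el.tag))
        if el.tag.startswith("Profile_Rule") and value.lower().startswith(CLEARTEXT_SCHEMES):
            findings.append(("cleartext-resync", el.tag))
    return findings


def audit_file(path):
    """Audit a profile on disk, e.g. one copied out of /tftpboot."""
    with open(path, encoding="utf-8") as fh:
        return audit_profile(fh.read())


if __name__ == "__main__":
    for finding, element in audit_profile(SAMPLE_PROFILE):
        print(f"{finding:18} {element}")
```

A profile whose Profile_Rule points at an https:// URL no longer produces the cleartext-resync finding, which is the change the HTTPS idea above would make.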