
Cisco Phone VPN, save authentication password

Leo Salcie Tejeda
Rising star

Hi,

Is there a way to save the user/password during the VPN authentication process?

We are running CUCM 9.1.2 + ASA to register 2 IP Phones. The problem is that when the phones get unregistered because of some electrical or internet issue at the remote site, someone has to write the user/pass again; for the end user this is not an easy task.

 

Any help would be appreciated.

Regards

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
3 Replies

Leo Salcie Tejeda
Rising star

Answering my own question, the answer is yes...

Cisco VPN Phone supports Certificate Authentication. The configuration details are below:

 

Certificate Authentication Configuration

In order to configure certificate authentication, complete these steps in CallManager and the ASA:

  1. From the menu bar, choose Advanced Features > VPN > VPN Profile.

  2. Confirm the Client Authentication Method field is set to Certificate.

  3. Log in to CallManager. From the menu bar, choose Unified OS Administration > Security > Certificate Management > Find.

  4. Export the correct certificate(s) for the selected certificate authentication method:

    • MICs: Cisco_Manufacturing_CA - Authenticate IP Phones with a MIC

    • LSCs: Cisco Certificate Authority Proxy Function (CAPF) - Authenticate IP Phones with an LSC

 

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie

Using the MIC cert is not recommended by Cisco due to the ease of hacking the access. From:

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/115785-anyconnect-vpn-00.html

 

Note: Cisco recommends that you use MICs for LSC installation only. Cisco supports LSCs to authenticate the TLS connection with CUCM. Because MIC root certificates can be compromised, customers who configure phones to use MICs for TLS authentication or for any other purpose do so at their own risk. Cisco assumes no liability if MICs are compromised.

 

Reviving an old post to help anyone else.

Right underneath the Client Authentication Drop-down box you circled, there's a checkbox for "Password Persistence" that would solve your initial problem, fyi.

-Tony
