Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
770
Views
2
Helpful
3
Replies

Cisco Phone VPN, save authentication password

Leo Salcie Tejeda
Level 7
Level 7

‎05-18-2015 09:46 AM - edited ‎03-17-2019 03:02 AM

Hi,

is there a way to save the user/password during VPN authentication process?

We are running CUCM 9.1.2 + ASA for register 2 IP Phone.  The problem is that when the phones got unregister because some electrical or internet issue at the remote site someone has to write user/pass again, for End User is not a easy task.

 

Any help would be appreciated.

Regards

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
Labels:
0 Helpful
3 Replies 3

Leo Salcie Tejeda
Level 7
Level 7

‎05-21-2015 05:38 AM

Answering my own question, the answer is yes...

Cisco VPN Phone support Certificate Authentication. The configuration details below:

 

Certificate Authentication Configuration

In order to configure certificate authentication, complete these steps in CallManager and the ASA:

  1. From the menu bar, choose Advanced Features > VPN > VPN Profile.

  2. Confirm the Client Authentication Method field is set to Certificate.

  3. Log in to CallManager. From the menu bar, choose Unified OS Administration > Security > Certificate Management > Find.

  4. Export the correct certificate(s) for the selected certificate authentication method:

    • MICs: Cisco_Manufacturing_CA - Authenticate IP Phones with a MIC

    • LSCs: Cisco Certificate Authority Proxy Function (CAPF) - Authenticate IP Phones with an LSC

 

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
0 Helpful

Chris Deren
Hall of Fame
Hall of Fame
In response to Leo Salcie Tejeda

‎05-21-2015 06:01 AM

Using MIC cert is not recommended by Cisco due to ease of hacking the access. From:

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/115785-anyconnect-vpn-00.html

 

Note: Cisco recommends that you use MICs for LSC installation only. Cisco supports LSCs to authenticate the TLS connection with CUCM. Because MIC root certificates can be compromised, customers who configure phones to use MICs for TLS authentication or for any other purpose do so at their own risk. Cisco assumes no liability if MICs are compromised.

 

Tony Cilli Jr
Level 1
Level 1
In response to Leo Salcie Tejeda

‎06-29-2016 10:24 AM

Reviving an old post to help anyone else.

Right underneath the Client Authentication Drop-down box you circled, there's a checkbox for "Password Persistence" that would solve your initial problem, fyi.

-Tony

Customers Also Viewed These Support Documents