Configuring SSL VPN Phones using certificates with ASA and CUCME (Call Manager Express)
I just finished configuring remote SSL VPN phones using a 7945G. I have an ASA 5510 as the firewall and a 2800 Series router running Call Manager Express 8.6. I followed the guide at the below link almost line for line (obviously custom tailoring the config for my IPs and environment) to get this initially working.
This config works for SSL VPN phones using username and password authentication, and it works great. Keep in mind that after creating the CNF file on CME, once the vpn group and vpn profile have been added in the steps above, one has to connect the phone locally in order to get the config file from CME; otherwise the VPN options on the phone will be grayed out. (As a side note, I was configuring this remotely, so I created a site-to-site VPN between my location and the main location and added option 150 to my local DHCP server, giving the TFTP server of the main site hosting CME. The site-to-site VPN allowed the phone to get the CNF file without technically being local.)
Also make sure you have the following licensing installed on your ASA:
* ASA Premium or AnyConnect Essentials license
* AnyConnect VPN Phone license
As for certificates, Cisco only had documentation for doing this with full Call Manager, not the Express version. I was able to get going using the MIC (Cisco's manufacturer certificate, which is preinstalled on the Cisco phones). Also keep in mind that this is considered less secure than LSCs, Cisco's recommended certificates. The below document outlines how to set this up with full Call Manager.
For those who want to use the more secure certificates, on the CME you have to configure CTL-CLIENT and CAPF-SERVER; the configurations are found in the administration guide below. I haven't been able to successfully download the LSC from CME to the phone, but figured I would put this out there to help consolidate the information I put together from various sources.