Configuring SSL VPN Phones using certificates with ASA and CUCME (Call Manager Express)
I just finished configuring remote SSL VPN phones using a 7945G. I have an ASA 5510 as the firewall and a 2800 Series router running Call Manager Express 8.6. I followed the guide at the link below almost line for line (obviously custom-tailoring the config for my IPs and environment) to get this initially working.
This config works with SSL VPN phones using username and password authentication, and it works great. Keep in mind that after creating the CNF file on CME, after the VPN group and VPN profile have been added in the steps above, one has to connect the phone locally in order to get the config file from CME; otherwise the VPN options on the phone will be grayed out. (As a side note, I was configuring this remotely, so I created a site-to-site VPN between my location and the main location and added option 150 to my local DHCP server, giving the TFTP server of the main site hosting CME. The site-to-site VPN allowed the phone to get the CNF file without technically being local.)
Also make sure you have the following licensing installed on your ASA:
* ASA Premium or AnyConnect Essentials license
* AnyConnect VPN Phone license
As for certificates, Cisco only had documentation for doing this with full Call Manager, not the Express version. I was able to get going using the MIC (Cisco's manufacturer certificate, which is preinstalled on the Cisco phones). Also keep in mind that this is considered less secure than LSCs, Cisco's recommended certificates. The document below outlines how to set this up with full Call Manager.
For those who want to use the more secure certificates, on the CME you have to configure CTL-CLIENT and CAPF-SERVER; the configurations are found in the administration guide below. I haven't been able to successfully download the LSC from CME to the phone, but figured I would put this out there to help consolidate the information I put together from various sources.