IP phone SSL VPN configuration issue

a.golovin · ‎10-05-2010

Hello,

I am trying to configure the SSL VPN for the IP phone.

I am using the CM8.0.2 and 7975 with 9.0(2)SR1S. ASA is v8.2.

- I configured ASA and tested with my PC. PC can ping the CM.

- I uploaded the ASA cert as a Phone-VPN-trust

- I uploaded the CA root cert. Tried both, Phone-VPN-trust and Phone-trust. Which one is correct?

- I created a VPN gateway and typed URL and selected the cert

- I created the VPN group and added the VPN gateway to it.

- I created the VPN profile and added the VPN group to it.

- I disabled the Host ID check

- I configured the Common Phone Profile with VPN group and VPN profile and added it to a 7975 phone.

When I go into the phone settings, the VPN option is disabled and the Enable soft button is greyed out.

What is missing? What am I doing wrong?

jomcgaug · ‎10-08-2010

Both the identity and CA cert should be in the Phone-VPN-trust store. Also make sure the VPN Gateway config has the certs associated with it. If the URL contains a hostname, make sure the ip phone has DNS configured so it can resolve the hostname to ip.

In the VPN Profile, is "Enable Auto Network Detect" checked. If so try unchecking that, save, and reset the phone. I've seen issues in the past with the button being grayed out and this procedure seems to do the trick. Everything else in your config looks OK.

If none of this works, browse to the phone's IP using your favorite web browser and look at the Console Logs. It should give us some ideas as to what's going on.

John