Remote VPN phone feature via Palo Alto firewall

kdamisch
Level 1

Customer currently has some 7900 series phones using the certificate-based remote VPN feature through their ASA firewall. They have some new Palo Alto firewalls and would like to know if they can get these phones to register from the users' home networks through the Palo Alto firewalls to CUCM so they can decommission the ASAs. My initial response would be no, but checking to see if anyone has any thoughts on this. We can't do MRA via the Expressways since they don't have the newer supported phone models.

5 Replies

Jaime Valencia
Cisco Employee

All the config guides only discuss ASA. I doubt that would work and be a supported scenario.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_0_1/secugd/CUCM_BK_C1A78C1D_00_cucm-security-guide-1101/CUCM_BK_C1A78C1D_00_cucm-security-guide-1101_chapter_010010.html

HTH

java

if this helps, please rate

Dennis Mink
VIP Alumni

You would definitely need to pilot this. If you are going to deploy this you have two vendors pointing at each other when you run into issues, so to me this is a case of "first see, then believe". I work with PAs and Cisco UC, and I can honestly say interoperability between these two leaves a lot to be desired.

Please remember to rate useful posts, by clicking on the stars below.

Tristan Cober
Level 1

Fair warning, I've had more times than I can count on fingers/toes where application overrides were needed on the PA firewall to get traffic to traverse it correctly.

jmaires21
Level 1

Hi,

I am having the same issue. I was wondering if you were able to successfully make it work with Palo Alto?

Regards,

Juan

Jmaires & kdamisch,

Were you able to successfully get the phones to register? I am facing an issue with our voice engineer trying to get Cisco phones to successfully install a VPN certificate, and it fails all the time. I did face one issue already with Palo Altos requiring an app override policy for TCP 5061 due to phone disconnects.