02-29-2016 12:28 PM - edited 03-17-2019 06:04 AM
Customer currently has some 7900 series phones using the certificate-based remote VPN feature through their ASA firewall. They have some new Palo Alto firewalls and would like to know if they can get these phones to register from the users' home networks through the Palo Alto firewalls to CUCM so they can decommission the ASAs. My initial response would be no, but checking to see if anyone has any thoughts on this. We can't do MRA via the Expressways since they don't have the newer supported phone models.
02-29-2016 01:39 PM
All the config guides only discuss ASA, I doubt that would work, and be a supported scenario.
02-29-2016 01:44 PM
you would definitely need to pilot this. If you are going to deploy this you have two vendors pointing at each other when you run into issues, so to me this is a case of 'first see then believe". I work with PA's and Cisco UC, and I can honesty say, interoperability between these two leave a lot to be desired.
02-29-2016 02:07 PM
Fair warning, I've had more times I can count than fingers/toes where application overrides were needed on the PA Firewall to get traffic to traverse it correctly.
01-11-2017 10:44 AM
Hi,
I am having the same issue. I was wondering if you were able to succesfully make it work with Palo Alto?.
regards,
Juan
02-07-2017 04:47 PM
Jmaires & kdamisch,
Were you able to successfully get the phones to register. Im am facing an issue with our Voice engineer trying to get Cisco phones to successfully install a vpn certificate and fails all the time. I did face one issue already with Palo Alto's requiring an app override policy for tcp 5061 due to phone disconnects.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide