VPN phone is not working

Yenosh
Level 1

Hi All,

We have changed the phone URL for the home phone service/VPN gateway, and later we uploaded the ASA certificates to the Phone-VPN-trust certificates. We have added the new certificates to the VPN gateway certificates under the VPN gateway configuration but have not de-associated the old certificates from the VPN gateway.

Problem: When we connected the phone in the office to download the certs and then returned home, it does not work.

1) Do we need to remove the old ASA certificates from the VPN gateway certificates on CUCM?
2) Do we need to re-generate any of the certificates?


Please look into this.

Upload VPN Concentrator Certificates

Generate a certificate on the ASA when you set it up to support the VPN feature. Download the generated certificate to your PC or workstation and then upload it to Unified Communications Manager using the procedure in this section. Unified Communications Manager saves the certificate in the Phone-VPN-trust list.

The ASA sends this certificate during the SSL handshake, and the Cisco Unified IP Phone compares it against the values stored in the Phone-VPN-trust list.

If a Locally Significant Certificate (LSC) is installed on the Cisco Unified IP Phone, it will send its LSC by default.

To use device-level certificate authentication, install the root MIC or CAPF certificate in the ASA, so that the Cisco Unified IP Phones are trusted.

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/11_5_1/featureConfig/CUCM_BK_C7DC69D3_00_cucm-feature-configuration-guide_115/CUCM_BK_C7DC69D3_00_cucm-feature-configuration-guide_115_chapter_01000.html
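
The check described in the reply above (the ASA presents a certificate in the SSL handshake and the phone compares it with the Phone-VPN-trust entries) can be reproduced from a workstation. This is an added example, not part of the original post or Cisco's tooling: it models the comparison as a SHA-256 match over the DER encoding, which is an assumption, and the function names, entry names and sample certificates are hypothetical.

```python
import hashlib
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes inside one PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def fetch_presented(host: str, port: int = 443) -> str:
    """PEM of the leaf certificate the gateway sends in the TLS handshake.
    No chain validation is done, so a self-signed gateway certificate works."""
    return ssl.get_server_certificate((host, port))


def audit_trust_list(presented_pem: str, trust_list: dict) -> dict:
    """Compare the presented certificate with every exported trust-list entry.
    `trust_list` maps an entry name to the PEM downloaded from the trust store."""
    want = fingerprint(presented_pem)
    matched = sorted(n for n, pem in trust_list.items() if fingerprint(pem) == want)
    # Entries that do not match what the gateway serves now: candidates for
    # review, for example an old certificate that was never de-associated.
    unmatched = sorted(n for n in trust_list if n not in matched)
    return {"presented_sha256": want, "trusted": bool(matched),
            "matched": matched, "unmatched": unmatched}


# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
# Fingerprinting only hashes the decoded bytes, so they behave like real ones.
OLD_ASA = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: old ASA certificate")
NEW_ASA = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: new ASA certificate")

if __name__ == "__main__":
    # Against a live gateway, use fetch_presented("<gateway host>") instead.
    stores = {
        "only old cert uploaded": {"asa-old": OLD_ASA},
        "old and new uploaded": {"asa-old": OLD_ASA, "asa-new": NEW_ASA},
    }
    for label, store in stores.items():
        result = audit_trust_list(NEW_ASA, store)
        print(label, "->", "match" if result["trusted"] else "NO MATCH",
              "| unmatched entries:", result["unmatched"])
```

A "NO MATCH" result points at the certificate the gateway is serving rather than at the upload procedure.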

 

 



Hi Nithin,

 

The process you mentioned above is already completed, but the VPN phone is still not working.

I have the queries below; can you please look into them?

1) Do we need to remove the old ASA certificates from the VPN gateway certificates on CUCM?
2) Do we need to re-generate the CAPF certificates after uploading the ASA certificates on CUCM, to upload the CAPF certs on the ASA?

Any views on the above query?

 

 

1) Do we need to remove the old ASA certificates from VPN gateway certificates on CUCM? Best practice is to remove unused certificates.
2) Do we need to re-generate the CAPF certificates after uploading ASA certificates on CUCM to upload CAPF certs on ASA? There are no such requirements mentioned in the document. You are uploading the ASA certificates to the CUCM trust store.



Thanks Nitin,

 

I did remove the unused certs yesterday. We will test it on Thursday and I will post the result here.

Yenosh
Level 1

We have tested the phone and it is not working from home. @Nithin Eluvathingal, are we missing anything here?

Yenosh
Level 1

The process I have followed to upload the ASA certificates is good; the problem is on the ASA side. They did fix it.