Do you know if a PC is connnected to the PC port of one of those IP Phones, if DHCP is configured, does it take an address of my remote network or does it takes an address from, for example, my ADSL router?

What i mean is, if the PC can use the VPN tunnel that the IP Phone built or not.

Regards!

Does any one know the answer to this?

Thanks!

Hi,

I asked some folk from Cisco and they told me that PC port does not use the VPN tunnel. So, the PC will be assigned with your local IP addressing scheme (if DHCP is enabled) and will be connected directly to internet and not to your coporate network.

Thanks for the info and fast reply!

Any update on SSL VPN Support with the 79X2, 79X5 phones with a UC500? Or maybe it can do the SSL VPN to the ASA but still register to a UC500 behind it? We are a cisco partner and have a customer with many 7965 phones and this will be a great option for them.  Knowing Cisco, it is probably technically feasible but the marketing people will tell us that's why they have the SPA525 phone for the UC500 line.  Any input will be appreciated, thank you.

The SSL VPN client capability on the 7942G, 7945G, 7962G, 7965G, and 7975G phones is supported in Cisco Unified CME 8.5 and later. There are actually new commands that can be used to enable the SSL Client on the 7942G, 7945G, 7962G, 7965G, and 7975G phones in CME 8.5 and later. However, I do not know when CCA will support the new SSL VPN client commands introduced in CME 8.5.

That is great news.  I see it just came out last Friday, Nov 5th. I can not find an IOS version for CME 8.5 on the UC500s or ISR 2800s. I will keep checking, I hope it will be available soon.

The latest available version of the UC500 software pack release is the 8.0.4 software pack release. The 8.1.0 software pack, which will include CME 8.1, is planned for release in the next few weeks. For UC500 platforms, the 8.5.0 software pack (which is still a few months away from final release) will include the updated IOS image that includes CME 8.5.

RE: "Good news, I followed the doc on configuring SSL VPN on SCCP IP Phones with CME 8.5, and with my ASA5505 and 2811 CME router, my 7975 phone SSL VPN'd into my network and worked"

Can you share a pointer to this document?

You may be getting out ahead of us :-)

UC500 doesnt support those phone loads yet.

We do support SSL VPN on SPA525G and G2:

https://supportforums.cisco.com/docs/DOC-9811

Steve

I'm looking to ensure that I can use a 7942G IP Phone as a SSL VPN client with an 3945E ISR running CME.  I assume I'll need an ASA55xx on the head-end.  What licensing is required?

It is part of the CUCME Admin guide, http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucme/admin/configuration/guide/cmevpn.html

My testing was with a 2811 ISR router, CME 8.5 is not available on the UC500 yet.

I will also mention I did get the VPN phone to work with certificate authentication.  At last check, this is still not documented by Cisco anywhere so it took quite a bit of trial and error.  The process is to first get the phones to be authenticated locally following the CME security doc, then establish the trust between the 2811 and the ASA as it described in the link above, then change the ASA VPN group to use certificate authentication.  This makes for a very eloquent end user solution where they simply have to plug in the phone to an internet connection.  I actually used it from a hotel wireless network through my laptop using internet sharing for port 443 only.  It worked fine.