I have noticed that the SSL VPN client capability was added to the 7942, 7945, 7962, 7965, and 7975G phones in phone load release 9.0(2). This feature is also supported on the SPA525G phones. The release notes for this phone load release can be found at the URL below:
The SSL VPN client is currently supported on the SPA525G phones on the UC500 platform. When will a 9.0(2) or later phone load for TNP phones be included in the UC500 software pack?
Can you please share some ASA and CME side configuration for this remote SSL vpn phone.
I have beed trying to acoomplish this for nearly a week now.
Certificate is properly authenticating between CME and ASA. even web Vpn is working fine.
But cannot get the phones to work from remote broadband home router.
As soon as i entered username/password, i get authentication fail message.
If i use a certificate authentication method do i need to enter user/pass under Vpn configuration menu. or the phones will just register automatically.
Has anyone had any luck with this? I am running into an issue that seems to be related to the use of an existing self-signed signature that is in use for other SSL VPN users. Is there a way, on CUCME, to store a certificate and trust it on the IP phones? I see this functionality on CUCM but I am having trouble finding a way to do this on CUCME.
I don't know and don't comment the Cisco offical statement on the matter, but It should work fine especially with latest IOS, 12.4(4)M4.
There is a chapter about it, quite consuing and not so clear, in the Administrator Guide.
Paolo- the SPA 525 g2 is supported in the current UC5xx release, but my understanding is that the 79xx phones are not. This support requires CME 8.5 and the UC5xx platform is still stuck on 8.0.x.
The new release is supposed to be CME 8.6 (if it ever actually releases!) but I would like to hear from Cisco that SSL VPN for 79xx WILL or WILL NOT be supported. I'm not ready to go on another Cisco led wild goose chase....
As mentioned in other threads, 8.6 is released as beta now and shortly to everyone..
I've still have to complete testing with a 7945 on the same identical IOS version, using an ISR router.
Once I have done that, I'll report here.
From my understanding, it should work already.
The issue is that one has first to configure the phones as local secure phones, due to that onerous requirement, I haven't completed my testing yet.
Correction: The Small Business Support Center does NOT support SSL VPN on the UC500 using a 79xx phone. The only supported SSL VPN phone on the UC500 is a SPA525g(2). We will NOT be able to assist a customer attempting to use a 79xx phone for a SSL VPN connection either via CCA or CLI.