[cisco-voip] Phone VPN
James Dust
james.dust at charles-stanley.co.uk
Thu Nov 7 11:05:53 EST 2013
This is the CAPF information from the test phone,
When I go onto the test phone and add the authorisation string, it accepts the string when I submit it but does not install anything onto the phone.
[cid:image001.png at 01CEDBD2.DB7D7350]
From: Heim, Dennis [mailto:Dennis.Heim at wwt.com]
Sent: 07 November 2013 15:43
To: James Dust; Brian Meade (brmeade); cisco-voip at puck.nether.net
Subject: RE: Phone VPN
You will need to go to each phone you want to have the lsc and have it install/generate if you are using LSC. If you hit security menu on the phone and look, it should say the lsc is installed.
Dennis Heim | Solution Architect (Collaboration)
World Wide Technology, Inc. | 314-212-1814
PS Engineering: Innovate & Ignite.
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of James Dust
Sent: Thursday, November 07, 2013 10:41 AM
To: Brian Meade (brmeade); cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Phone VPN
Thank you Brian,
We believe we have done all of that so I will work back through the config.
Kind Regards
James Dust
Technical Infrastructure Engineer
Charles Stanley & Co Ltd
Tel: 020 7149 6314
Mob: 07989 491136
mailto: james.dust at charles-stanley.co.uk<mailto:james.dust at charles-stanley.co.uk>
From: Brian Meade (brmeade) [mailto:brmeade at cisco.com]
Sent: 07 November 2013 15:11
To: James Dust; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: Phone VPN
James,
The ASA certificate needs to be added as a Phone-VPN-Trust under OS Administration->Security->Certificate Management. You then select that certificate under the VPN Gateway configuration in CUCM. You then associate the VPN Group and VPN Profile to the Common Phone Profile and associate the Common Phone Profile to the phone.
If you're doing username/password authentication, that's all you have to do. The certificate for the ASA will be in the phone's config file. Just need to reset the phone on-site so it can download it.
If you want to do MIC-based authentication, you need to add the Manufacturing CA Trust certificate from OS Administration to the ASA as a trustpoint.
If you want to do LSC-based authentication, you need to add the Publisher's CAPF.pem certificate as a trustpoint on the ASA and Install the LSC on the phone.
Good IP Phone Anyconnect documentation- https://supportforums.cisco.com/docs/DOC-9124
Brian
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of James Dust
Sent: Thursday, November 07, 2013 9:24 AM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] Phone VPN
Afternoon all,
We are trying a proof of concept here for Cisco IP phone VPN and are stuck, as we don't seem to be able to update the 9951 SIP phone we are using with the certificate needed to build the VPN tunnel.
The phone has been added with a 'common phone profile' but we cannot see where the certificate has been installed (if at all)
Versions are as so:
Cucm: 8.6.2
Asa ver 9.1(2)
9951 phone load: sip9951.9-3-4-24
Can anyone shed any light on what the correct process is to update the phone?
Kind Regards
James
Consider the environment - Think before you print
The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it is the responsibility of the recipient to confirm this.
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL http://www.charles-stanley.co.uk/contact-us/disclosure/
Consider the environment - Think before you print
The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it is the responsibility of the recipient to confirm this.
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL http://www.charles-stanley.co.uk/contact-us/disclosure/
Consider the environment - Think before you print
The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it is the responsibility of the recipient to confirm this.
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL http://www.charles-stanley.co.uk/contact-us/disclosure/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131107/685a74bf/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 14426 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131107/685a74bf/attachment.png>
More information about the cisco-voip
mailing list