[cisco-voip] Cisco 8841 VPN phone issue
Hank Keleher (AM)
hank.keleher at dimensiondata.com
Wed Sep 9 21:17:05 EDT 2015
Joe, thanks for the recommendation. Here’s what we experienced:
We set the TFTP address to the local server and restarted the phone. It sat on registering and never changed or prompted for login. We looked and noticed we could now tick on the box to enable VPN and that prompted for a username and password. When we logged in we received an error message indicating an invalid certificate.
We uploaded the certificate from ASA to CUCM prior to configuring the phones. Since we’re using username and password we didn’t import any CUCM certs to the ASA, do we still need to do that even if we aren’t using certificate authentication?
Thanks!
Hank
From: Joe Martini
Date: Wednesday, September 9, 2015 at 20:07
To: "Hank.Keleher"
Cc: "cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>"
Subject: Re: [cisco-voip] Cisco 8841 VPN phone issue
The actual internal TFTP server address. The phone will use it after the VPN connection is established to download its configuration file.
Joe
On Sep 9, 2015, at 8:02 PM, Hank Keleher (AM) <hank.keleher at dimensiondata.com<mailto:hank.keleher at dimensiondata.com>> wrote:
What should the TFTP address be set to for the remote VPN phone? The actual internal TFTP address or the VPN head end?
Thanks!
Hank
From: Joe Martini
Date: Wednesday, September 9, 2015 at 19:57
To: "Hank.Keleher"
Cc: "cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>"
Subject: Re: [cisco-voip] Cisco 8841 VPN phone issue
The prompt you are seeing with Service Name, Username, and Password is for the Mobile and Remote Access (MRA) feature. More information about this can be found here - https://tools.cisco.com/squish/92527f. In order for the phone to start the VPN sign-in process instead of the MRA sign-in process you must have a TFTP set on the phone, either via DHCP or manually.
Joe
On Sep 9, 2015, at 7:10 PM, Hank Keleher (AM) <hank.keleher at dimensiondata.com<mailto:hank.keleher at dimensiondata.com>> wrote:
Greetings!
I’ve setup a new server using 10.5.2 for VPN using 8841’s and username and password (not certificate). I followed the details in the following features configuration guide for VPN client.
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/admin/10_5_2/ccmfeat/CUCM_BK_C3A84B33_00_cucm-feature-configuration-guide_rel1052.pdf
The phones were configured and registered on the local network so they got the VPN common phone profile information. When we try to use the phone at home it prompts to supply Service Name, Username and Password. What should the service name be? We searched for hours and didn’t see anything that related to a service name and we tried everything we could think of.
I am able to VPN using username and password with the AnyConnect client to the URL for the VPN phones that was setup. It’s an ASA 5512 and the proper licenses are applied. I checked the feature report on CUCM and the 8841 is supported. Unfortunately I’m not able to access the web server on the phone (I’ve tried to no avail.)
Any thoughts or ideas here?
Thanks!
Hank
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150910/e9d16701/attachment.html>
More information about the cisco-voip
mailing list