[cisco-voip] Cisco 8841 VPN phone issue

Brian Meade bmeade90 at vt.edu
Wed Sep 9 22:33:46 EDT 2015


You don't need any certificates on the ASA from CUCM for username/password
to work.  Did you assign the certificate to the VPN Gateway in CUCM after
uploading it to CUCM?

On Wed, Sep 9, 2015 at 9:17 PM, Hank Keleher (AM) <
hank.keleher at dimensiondata.com> wrote:

> Joe, thanks for the recommendation. Here’s what we experienced:
>
> We set the TFTP address to the local server and restarted the phone. It
> sat on registering and never changed or prompted for login. We looked and
> noticed we could now tick on the box to enable VPN and that prompted for a
> username and password. When we logged in we received an error message
> indicating an invalid certificate.
>
> We uploaded the certificate from ASA to CUCM prior to configuring the
> phones. Since we’re using username and password we didn’t import any CUCM
> certs to the ASA, do we still need to do that even if we aren’t using
> certificate authentication?
>
> Thanks!
> Hank
>
>
> From: Joe Martini
> Date: Wednesday, September 9, 2015 at 20:07
> To: "Hank.Keleher"
> Cc: "cisco-voip at puck.nether.net"
> Subject: Re: [cisco-voip] Cisco 8841 VPN phone issue
>
> The actual internal TFTP server address.  The phone will use it after the
> VPN connection is established to download its configuration file.
>
> Joe
>
> On Sep 9, 2015, at 8:02 PM, Hank Keleher (AM) <
> hank.keleher at dimensiondata.com> wrote:
>
> What should the TFTP address be set to for the remote VPN phone? The
> actual internal TFTP address or the VPN head end?
>
> Thanks!
> Hank
>
>
> From: Joe Martini
> Date: Wednesday, September 9, 2015 at 19:57
> To: "Hank.Keleher"
> Cc: "cisco-voip at puck.nether.net"
> Subject: Re: [cisco-voip] Cisco 8841 VPN phone issue
>
> The prompt you are seeing with Service Name, Username, and Password is for
> the Mobile and Remote Access (MRA) feature.  More information about this
> can be found here - https://tools.cisco.com/squish/92527f.  In order for
> the phone to start the VPN sign-in process instead of the MRA sign-in
> process you must have a TFTP set on the phone, either via DHCP or
> manually.
>
> Joe
>
> On Sep 9, 2015, at 7:10 PM, Hank Keleher (AM) <
> hank.keleher at dimensiondata.com> wrote:
>
> Greetings!
>
> I’ve setup a new server using 10.5.2 for VPN using 8841’s and username and
> password (not certificate). I followed the details in the following
> features configuration guide for VPN client.
>
>
> http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/admin/10_5_2/ccmfeat/CUCM_BK_C3A84B33_00_cucm-feature-configuration-guide_rel1052.pdf
>
> The phones were configured and registered on the local network so they got
> the VPN common phone profile information. When we try to use the phone at
> home it prompts to supply Service Name, Username and Password. What should
> the service name be? We searched for hours and didn’t see anything that
> related to a service name and we tried everything we could think of.
>
> I am able to VPN using username and password with the AnyConnect client to
> the URL for the VPN phones that was setup. It’s an ASA 5512 and the proper
> licenses are applied. I checked the feature report on CUCM and the 8841 is
> supported. Unfortunately I’m not able to access the web server on the phone
> (I’ve tried to no avail.)
>
> Any thoughts or ideas here?
>
> Thanks!
> Hank
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150909/da44f1d5/attachment.html>


More information about the cisco-voip mailing list