[cisco-voip] Cisco 8841 VPN phone issue

Brian Meade bmeade90 at vt.edu
Wed Sep 9 23:42:03 EDT 2015 

Do you have Host ID Check enabled on the VPN profile?

On Wed, Sep 9, 2015 at 11:27 PM, Hank Keleher (AM) <
hank.keleher at dimensiondata.com> wrote:

> I did, yes.
>
> Thanks!
> Hank
>
> On Sep 9, 2015, at 22:33, Brian Meade <bmeade90 at vt.edu> wrote:
>
>
>
> You don't need any certificates on the ASA from CUCM for username/password
> to work.  Did you assign the certificate to the VPN Gateway in CUCM after
> uploading it to CUCM?
>
> On Wed, Sep 9, 2015 at 9:17 PM, Hank Keleher (AM) <
> hank.keleher at dimensiondata.com> wrote:
>
>> Joe, thanks for the recommendation. Here’s what we experienced:
>>
>> We set the TFTP address to the local server and restarted the phone. It
>> sat on registering and never changed or prompted for login. We looked and
>> noticed we could now tick on the box to enable VPN and that prompted for a
>> username and password. When we logged in we received an error message
>> indicating an invalid certificate.
>>
>> We uploaded the certificate from ASA to CUCM prior to configuring the
>> phones. Since we’re using username and password we didn’t import any CUCM
>> certs to the ASA, do we still need to do that even if we aren’t using
>> certificate authentication?
>>
>> Thanks!
>> Hank
>>
>>
>> From: Joe Martini
>> Date: Wednesday, September 9, 2015 at 20:07
>> To: "Hank.Keleher"
>> Cc: "cisco-voip at puck.nether.net"
>> Subject: Re: [cisco-voip] Cisco 8841 VPN phone issue
>>
>> The actual internal TFTP server address.  The phone will use it after the
>> VPN connection is established to download its configuration file.
>>
>> Joe
>>
>> On Sep 9, 2015, at 8:02 PM, Hank Keleher (AM) <
>> hank.keleher at dimensiondata.com> wrote:
>>
>> What should the TFTP address be set to for the remote VPN phone? The
>> actual internal TFTP address or the VPN head end?
>>
>> Thanks!
>> Hank
>>
>>
>> From: Joe Martini
>> Date: Wednesday, September 9, 2015 at 19:57
>> To: "Hank.Keleher"
>> Cc: "cisco-voip at puck.nether.net"
>> Subject: Re: [cisco-voip] Cisco 8841 VPN phone issue
>>
>> The prompt you are seeing with Service Name, Username, and Password is
>> for the Mobile and Remote Access (MRA) feature.  More information about
>> this can be found here - https://tools.cisco.com/squish/92527f.  In
>> order for the phone to start the VPN sign-in process instead of the MRA
>> sign-in process you must have a TFTP set on the phone, either via DHCP or
>> manually.
>>
>> Joe
>>
>> On Sep 9, 2015, at 7:10 PM, Hank Keleher (AM) <
>> hank.keleher at dimensiondata.com> wrote:
>>
>> Greetings!
>>
>> I’ve setup a new server using 10.5.2 for VPN using 8841’s and username
>> and password (not certificate). I followed the details in the following
>> features configuration guide for VPN client.
>>
>>
>> http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/admin/10_5_2/ccmfeat/CUCM_BK_C3A84B33_00_cucm-feature-configuration-guide_rel1052.pdf
>>
>> The phones were configured and registered on the local network so they
>> got the VPN common phone profile information. When we try to use the phone
>> at home it prompts to supply Service Name, Username and Password. What
>> should the service name be? We searched for hours and didn’t see anything
>> that related to a service name and we tried everything we could think of.
>>
>> I am able to VPN using username and password with the AnyConnect client
>> to the URL for the VPN phones that was setup. It’s an ASA 5512 and the
>> proper licenses are applied. I checked the feature report on CUCM and the
>> 8841 is supported. Unfortunately I’m not able to access the web server on
>> the phone (I’ve tried to no avail.)
>>
>> Any thoughts or ideas here?
>>
>> Thanks!
>> Hank
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>
>
> itevomcid
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150909/4b2fd16e/attachment.html>

More information about the cisco-voip mailing list