<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
p.msochpdefault, li.msochpdefault, div.msochpdefault
{mso-style-name:msochpdefault;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
span.balloontextchar0
{mso-style-name:balloontextchar;
font-family:"Tahoma","sans-serif";}
span.emailstyle20
{mso-style-name:emailstyle20;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Maybe an ACL or firewall rule then… A SYN timeout simply means that there is no response to SYN packet that is trying to start the session. And since the ASA
is supposed to be responding here, its blocking itself.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+Chris<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">TME - Unity Connection and MediaSense<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [mailto:cisco-voip-bounces@puck.nether.net]
<b>On Behalf Of </b>James Dust<br>
<b>Sent:</b> Tuesday, November 12, 2013 12:56 PM<br>
<b>To:</b> Erick Wellnitz<br>
<b>Cc:</b> cisco-voip@puck.nether.net<br>
<b>Subject:</b> Re: [cisco-voip] Phone VPN<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi Erick,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yes I do have those installed.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James</span><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Erick Wellnitz [<a href="mailto:ewellnitzvoip@gmail.com">mailto:ewellnitzvoip@gmail.com</a>]
<br>
<b>Sent:</b> 12 November 2013 15:56<br>
<b>To:</b> James Dust<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB">Do you have ip phone VPN licenses on the ASA?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB">On Mon, Nov 11, 2013 at 10:55 AM, James Dust <<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">james.dust@charles-stanley.co.uk</a>> wrote:<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I have managed to get a little further and am now seeing inbound requests on my asa from the 9951 trying to form a connection,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">However the connection is immediately being torn down with the below error message:</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal">6<o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal">Nov 11 2013<o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal">16:30:18<o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><b>(external 9951 address)</b><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><b>49580</b><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><b>(external asa address)</b><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal">443<o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal">Teardown TCP connection 7982 for outside:<b>external 9951 address</b>/49580 to identity:<b>(external asa address)</b>/443 duration 0:00:30 bytes 0 SYN Timeout<o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I have replaced IP addresses with descriptions and highlighted.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> James Dust
<br>
<b>Sent:</b> 08 November 2013 16:19<br>
<b>To:</b> 'Chris Ward (chrward)'; Erick Wellnitz<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks for clarifying Chris and yes I did get what you meant although I worded my response somewhat poorly,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I am planning on completely redoing the whole config as I don’t seem to be getting anywhere trouble shooting this issue.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks again for yours and everyone’s help.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James</span><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Chris Ward (chrward) [<a href="mailto:chrward@cisco.com" target="_blank">mailto:chrward@cisco.com</a>]
<br>
<b>Sent:</b> 08 November 2013 16:13<br>
<b>To:</b> James Dust; Erick Wellnitz<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">James, just to make sure you understand, I am only referring to the “System-Server” configuration in the main CCMAdmin pages, nothing VPN or CAPF specific.
Also, hostnames are fine, it just can’t be the FQDN.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">For example:</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">cucm1 = GOOD</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">10.1.1.110 = GOOD</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://cucm1.domain.com" target="_blank">cucm1.domain.com</a> = BAD</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+Chris</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">TME - Unity Connection and MediaSense</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> James Dust [<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">mailto:james.dust@charles-stanley.co.uk</a>]
<br>
<b>Sent:</b> Friday, November 08, 2013 10:50 AM<br>
<b>To:</b> Chris Ward (chrward); Erick Wellnitz<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks Chris,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I am going to strip everything out and start again, so I will ensure I don’t use hostnames only IP’s.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James Dust
<br>
</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Technical Infrastructure Engineer</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"><br>
Charles Stanley & Co Ltd <br>
Tel: 020 7149 6314 <br>
Mob: 07989 491136 <br>
mailto: <a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">james.dust@charles-stanley.co.uk</a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Chris Ward (chrward) [<a href="mailto:chrward@cisco.com" target="_blank">mailto:chrward@cisco.com</a>]
<br>
<b>Sent:</b> 08 November 2013 15:47<br>
<b>To:</b> Erick Wellnitz; James Dust<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Another TME and I recently found an issue where if you define your servers (System – Servers in the menu) as FQDN, the CAPF cert won’t populate. Are you perchance
using FQDNs in the System – Server fields? If so, these would need to be changed to IPs or just hostnames.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">+Chris</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">TME - Unity Connection and MediaSense</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">mailto:cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Erick Wellnitz<br>
<b>Sent:</b> Friday, November 08, 2013 10:34 AM<br>
<b>To:</b> James Dust<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal">Check your VPN Feature Configuration and VPN Profile. Client Authentication Mehtod should be Certificate if you aren't using manual login. I also disabled Host ID Check.<span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">What I have noticed is that if settnigs between the profile and the Feature configuration are not consistent you will see inconsistent results.<span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On Fri, Nov 8, 2013 at 4:15 AM, James Dust <<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">james.dust@charles-stanley.co.uk</a>> wrote:<span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Morning Erick,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yes I have done what you suggested and it still hasn’t worked.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Today I might strip all the config off and start again.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James</span><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Erick Wellnitz [mailto:<a href="mailto:ewellnitzvoip@gmail.com" target="_blank">ewellnitzvoip@gmail.com</a>]
<br>
<b>Sent:</b> 07 November 2013 20:38<br>
<b>To:</b> Brian Meade (brmeade)<br>
<b>Cc:</b> James Dust; Heim, Dennis; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Have you gone to settings -> administrator settings -> Security Setup -> LSC and selected update? Also, check the ITL file under trust list to make sure the CAPF Server is listed. The CAPF certificate also needs to
be installed on the ASA.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">If the CAPF Server is not listed. restart the CAPF service and it should appear.<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB">On Thu, Nov 7, 2013 at 12:08 PM, Brian Meade (brmeade) <<a href="mailto:brmeade@cisco.com" target="_blank">brmeade@cisco.com</a>> wrote:<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="color:#1F497D">Check the Group URL you are using on the VPN Gateway configuration. On the ASA, see which tunnel-group that URL is configured under and make sure it has “authentication certificate”.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">tunnel-group CertOnlyTunnelGroup webvpn-attributes</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">authentication certificate</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">group-url <a href="https://10.89.79.135/CertOnly" target="_blank">
https://10.89.79.135/CertOnly</a> enable</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> James Dust [mailto:<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">james.dust@charles-stanley.co.uk</a>]
<br>
<b>Sent:</b> Thursday, November 07, 2013 12:59 PM<br>
<b>To:</b> Brian Meade (brmeade); Heim, Dennis; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">Hi Brian,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">I have completely reset the phone and left it plugged into the lan to register for some time,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">Now when I plug the phone back into the external connection and connect the vpn setting I get a username and password box present itself.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">Where is this referencing?</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James</span><span lang="EN-GB" style="color:#1F497D">
</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Brian Meade (brmeade) [<a href="mailto:brmeade@cisco.com" target="_blank">mailto:brmeade@cisco.com</a>]
<br>
<b>Sent:</b> 07 November 2013 16:53<br>
<b>To:</b> James Dust; Heim, Dennis; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">James,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Try downloading the phone’s config file:
<a href="http://x.x.x.x:6970/SEP3CCE73AD2EE2.cnf.xml" target="_blank">http://x.x.x.x:6970/SEP3CCE73AD2EE2.cnf.xml</a> and look for the CAPF entry to make sure it is there. Also download the ITL and make sure the CAPF entry is there and matches the CAPF.pem
from the publisher.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Brian</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> James Dust [<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">mailto:james.dust@charles-stanley.co.uk</a>]
<br>
<b>Sent:</b> Thursday, November 07, 2013 11:43 AM<br>
<b>To:</b> Brian Meade (brmeade); Heim, Dennis; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">Hi Brian,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">The phone is a 9951 and interestingly enough I am getting the following messages, so It appears we have a CAPF problem.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">The service is running, I have just checked.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><img border="0" width="593" height="281" id="_x0000_i1025" src="cid:image001.jpg@01CEDFA6.D31A1470"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Brian Meade (brmeade) [<a href="mailto:brmeade@cisco.com" target="_blank">mailto:brmeade@cisco.com</a>]
<br>
<b>Sent:</b> 07 November 2013 16:34<br>
<b>To:</b> James Dust; Heim, Dennis; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">James,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Way model phone is it? Do you see anything in the console logs/status messages when you reset the phone after setting the Operation to Install/Upgrade? The Operation should switch back to No Pending Operation
if the install was successful so it looks like it is not successful.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Brian</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> James Dust [<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">mailto:james.dust@charles-stanley.co.uk</a>]
<br>
<b>Sent:</b> Thursday, November 07, 2013 11:06 AM<br>
<b>To:</b> Heim, Dennis; Brian Meade (brmeade); <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">This is the CAPF information from the test phone,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">When I go onto the test phone and add the authorisation string, it accepts the string when I submit it but does not install anything onto the phone.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><img border="0" width="554" height="213" id="_x0000_i1026" src="cid:image002.png@01CEDFA6.D31A1470"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Heim, Dennis [<a href="mailto:Dennis.Heim@wwt.com" target="_blank">mailto:Dennis.Heim@wwt.com</a>]
<br>
<b>Sent:</b> 07 November 2013 15:43<br>
<b>To:</b> James Dust; Brian Meade (brmeade); <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">You will need to go to each phone you want to have the lsc and have it install/generate if you are using LSC. If you hit security menu on the phone and look, it should say the lsc is installed.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:10.5pt">Dennis Heim | Solution Architect (Collaboration)</span></b><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">World Wide Technology, Inc. |
<a href="tel:314-212-1814" target="_blank">314-212-1814</a></span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><b><i><span style="color:#00007F">PS Engineering: </span></i></b><i><span style="color:#00007F"> Innovate & Ignite.</span></i><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D"> </span></b><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">mailto:cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>James Dust<br>
<b>Sent:</b> Thursday, November 07, 2013 10:41 AM<br>
<b>To:</b> Brian Meade (brmeade); <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">Thank you Brian,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D">We believe we have done all of that so I will work back through the config.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">James Dust
<br>
</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D">Technical Infrastructure Engineer</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D"><br>
Charles Stanley & Co Ltd <br>
Tel: 020 7149 6314 <br>
Mob: 07989 491136 <br>
mailto: <a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">james.dust@charles-stanley.co.uk</a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Brian Meade (brmeade) [<a href="mailto:brmeade@cisco.com" target="_blank">mailto:brmeade@cisco.com</a>]
<br>
<b>Sent:</b> 07 November 2013 15:11<br>
<b>To:</b> James Dust; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> RE: Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">James,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The ASA certificate needs to be added as a Phone-VPN-Trust under OS Administration->Security->Certificate Management. You then select that certificate under the VPN Gateway configuration in CUCM. You then associate
the VPN Group and VPN Profile to the Common Phone Profile and associate the Common Phone Profile to the phone.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If you’re doing username/password authentication, that’s all you have to do. The certificate for the ASA will be in the phone’s config file. Just need to reset the phone on-site so it can download it.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If you want to do MIC-based authentication, you need to add the Manufacturing CA Trust certificate from OS Administration to the ASA as a trustpoint.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If you want to do LSC-based authentication, you need to add the Publisher’s CAPF.pem certificate as a trustpoint on the ASA and Install the LSC on the phone.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Good IP Phone Anyconnect documentation-
<a href="https://supportforums.cisco.com/docs/DOC-9124" target="_blank">https://supportforums.cisco.com/docs/DOC-9124</a></span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Brian</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentColor">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">mailto:cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>James Dust<br>
<b>Sent:</b> Thursday, November 07, 2013 9:24 AM<br>
<b>To:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> [cisco-voip] Phone VPN</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB">Afternoon all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">We are trying a proof of concept here for Cisco IP phone VPN and are stuck, as we don’t seem to be able to update the 9951 SIP phone we are using with the certificate needed to build the VPN tunnel.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">The phone has been added with a ‘common phone profile’ but we cannot see where the certificate has been installed (if at all)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Versions are as so:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Cucm: 8.6.2<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Asa ver 9.1(2)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">9951 phone load: sip9951.9-3-4-24<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Can anyone shed any light on what the correct process is to update the phone?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Kind Regards</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">James</span><span lang="EN-GB">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB"><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"> <span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB"><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</body>
</html>