IP Phone VPN Training from CUCM perspective
Ryan Bennett ryabenne@cisco.com

Mar 22, 2019


Jason Campbell
Page 1

IP Phone VPN Training from CUCM perspective

Ryan Bennett ryabenne@cisco.com

Page 2

Agenda

• Overview – Network/Configuration Setup

• Configuration

Page 3

Overview

This guide walks you through the integration between CUCM and ASA, with a focus on the CUCM side of the integration.

Page 4

[Network diagram: ASA, CUCM 8.x, Internal PoE Switch, External PoE Switch; IP addresses shown: 14.129.5.3 and 172.16.1.1]

Page 5

VPN Profile: This is where you determine how your clients are going to authenticate once the configuration is completed. It is recommended that all other values be left at their defaults.

Page 6

VPN Gateway: This is where you define the URL for authentication. You can also check this URL by entering it into a browser and logging in.

The certs listed in the Location box need to be located there, not in the Truststore, and then you register the phone internally. After the phone receives the certs, you can attempt to register it externally.

Page 7

VPN Group: The VPN Group configuration is simply where you add the VPN Gateway that you previously configured.

Page 8

VPN Feature Configuration: This is the other location where you set the Authentication Mode (2 locations on the CUCM in total). You will also modify the password setup here. All other values are best left at their defaults.

Page 9

Common Phone Profile Configuration: This is where you add the VPN Group/Profile information. The phone then picks up this information from the XML file that it downloads from the CUCM server.

Page 10

Phone Configuration: Add the Common Phone Profile to the IP phone on the phone configuration page.

Page 11

Certificate Management Portion of the configuration

Page 12

Manufacturing Cert: You will download this from the CUCM server and then place it into the configuration on the ASA.

The “Serial Number” on the CUCM should match up with the “certificate ca” string on the ASA.

Page 13

CAPF Cert: You will download this from the CUCM server and then place it into the configuration on the ASA.

The “Serial Number” on the CUCM should match up with the “certificate ca” string on the ASA.

Page 14

ASA Cert: You will download this from the ASA and then place it into the configuration on the CUCM.

The “Serial Number” on the CUCM should match up with the “certificate ca” string on the ASA.
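
The serial-number comparison from the certificate slides above, as an added example (not from the original deck): it reads the `certificate ca` lines from a constructed ASA certificate chain listing and reports which CUCM serials have a matching trustpoint. The trustpoint names, serial values and the normalization of separators and leading zeros are assumptions.

```python
import re

# Constructed ASA running-config excerpt; names, serials and hex are made up.
ASA_CONFIG = """\
crypto ca certificate chain CUCM_CAPF
 certificate ca 1a2b3c4d5e6f7081
    308201f3 3082015c a0030201 0202081a 2b3c4d5e 6f708130
  quit
crypto ca certificate chain CUCM_MFG
 certificate ca 00c1d2e3f4a5b6
  quit
crypto ca certificate chain ASA_IDENTITY
 certificate 0a1b2c
  quit
"""

# Constructed "Serial Number" values as copied from CUCM Certificate Management.
CUCM_SERIALS = {"CAPF": "1A:2B:3C:4D:5E:6F:70:81",
                "Manufacturing": "0xC1D2E3F4A5B7"}  # last digit differs on purpose

def normalize_serial(text):
    """Lowercase hex without 0x prefix, separators or leading zeros."""
    s = re.sub(r"[\s:.-]", "", text.lower())
    s = s[2:] if s.startswith("0x") else s
    if not re.fullmatch(r"[0-9a-f]+", s):
        raise ValueError(f"not a hex serial: {text!r}")
    return s.lstrip("0") or "0"

def asa_ca_serials(config):
    """Map each trustpoint to the serials on its 'certificate ca' lines."""
    found, trustpoint = {}, None
    for line in config.splitlines():
        chain = re.match(r"crypto ca certificate chain (\S+)", line)
        ca = re.match(r"\s+certificate ca ([0-9A-Fa-f]+)\s*$", line)
        if chain:
            trustpoint = chain.group(1)
        elif ca and trustpoint:  # identity certs ("certificate <serial>") are skipped
            found.setdefault(trustpoint, set()).add(normalize_serial(ca.group(1)))
    return found

def check_serials(cucm_serials, config):
    """Return {CUCM cert name: matching ASA trustpoint, or None if absent}."""
    by_serial = {s: tp for tp, ss in asa_ca_serials(config).items() for s in ss}
    return {name: by_serial.get(normalize_serial(v))
            for name, v in cucm_serials.items()}

if __name__ == "__main__":
    for name, tp in check_serials(CUCM_SERIALS, ASA_CONFIG).items():
        print(f"{name}: {'matches trustpoint ' + tp if tp else 'NOT on the ASA'}")
```

A `None` result means the cert pasted into the ASA is not the one CUCM is presenting, which is worth resolving before attempting external registration.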

Page 15

Go back through slides 2 – 7 to make sure everything is in its proper place and configured correctly at this time.

------------------------------------

Now try to register the phone internally. The phone will then pull all the certificate information down and save those certs locally.

------------------------------

Now try to register the phone externally by doing the following:

• On the IP phone, press the Settings button

• Security Configuration

• VPN Configuration

• VPN Enabled (enable it if it's not already)

• Log in with your User/PW