Cisco Unified Communications Manager Security Guide, Release 8.0(1)
Configuring Virtual Private Networks

The Cisco VPN Client for Cisco Unified IP Phones adds another option for customers attempting to solve the remote telecommuter problem by complementing other Cisco remote telecommuting offerings.

Easy to Deploy—All settings configured via CUCM administration.

Easy to Use—After configuring the phone within the Enterprise, the user can take it home and plug it into their broadband router for instant connectivity, without any difficult menus to configure.

Easy to Manage—Phone can receive firmware updates and configuration changes remotely.

Secure—VPN tunnel only applies to voice and IP phone services. A PC connected to the PC port is responsible for authenticating and establishing its own tunnel with VPN client software.

Supported Devices

You can use Cisco Unified Reporting to determine which Cisco Unified IP Phones support the VPN client. From Cisco Unified Reporting, click Unified CM Phone Feature List. For the Feature, choose Virtual Private Network Client from the pull-down menu. The system displays a list of products that support the feature.

For more information about using Cisco Unified Reporting, see the Cisco Unified Reporting Administration Guide.

Configuring the VPN Feature

To configure the VPN feature for supported Cisco Unified IP Phones, follow the steps in Table 15-1.

Note The IP Phone VPN requires both TCP and UDP port 443 enabled to successfully build the VPN tunnel.

Table 15-1 VPN Configuration Checklist

Configuration Steps
Notes and Related Procedures

Step 1 

Set up the VPN concentrators for each VPN Gateway.

For configuration information, refer to the documentation for the VPN concentrator, such as the following:

SSL VPN Client (SVC) on ASA with ASDM Configuration Example

Note The ASA software must be version 8.0.4 or later, and the "AnyConnect Cisco VPN Phone" license must be installed.

Note To avoid long delays when the user upgrades the firmware or configuration information on a remote phone, Cisco recommends that you set up the VPN concentrator close in the network to the TFTP or Cisco Unified Communications Manager server. If this is not feasible in your network, you can set up an alternate TFTP or load server that is next to the VPN concentrator.

Step 2 

Upload the VPN concentrator certificates.

Chapter 16 "Configuring a VPN Gateway"

Step 3 

Configure the VPN Gateways.

Chapter 16 "Configuring a VPN Gateway"

Step 4 

Create a VPN Group using the VPN Gateways.

Chapter 17 "Configuring a VPN Group"

Step 5 

Configure the VPN Profile.

Chapter 18 "Configuring a VPN Profile"

Step 6 

Add the VPN Group and VPN Profile to a Common Phone Profile.

In Cisco Unified Communications Manager Administration, choose Device > Device Settings > Common Phone Profile. For more information, see the "Common Phone Profile Configuration" chapter in the Cisco Unified Communications Manager Administration Guide.

Note If you do not associate a VPN Profile with the Common Phone Profile, VPN uses the default settings defined in the VPN Feature Configuration window.

Step 7 

Upgrade the firmware for Cisco Unified IP Phones to a version that supports VPN.

To run the Cisco VPN client, a supported Cisco Unified IP Phone must be running firmware release 9.0(2) or higher. For more information about upgrading firmware, see the Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager for your Cisco Unified IP Phone model.

Note Before you can upgrade to firmware release 9.0(2), supported Cisco Unified IP Phones must be running firmware release 8.4(4) or later.

Step 8 

Using a supported Cisco Unified IP Phone, establish a VPN connection.

For more information about configuring a Cisco Unified IP Phone and establishing a VPN connection, see the Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager for your Cisco Unified IP Phone model.
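The version prerequisites in Steps 1 and 7 can be checked against an inventory before rollout. The following is an added example, not Cisco code or part of the original guide; it assumes release strings are written as in this chapter (for example 9.0(2) or 8.0.4), and the device names and inventory are constructed.

```python
import re

# Thresholds taken from the checklist in this chapter.
VPN_MIN = "9.0(2)"   # minimum phone firmware that runs the VPN client
STEP_MIN = "8.4(4)"  # phones must be at this release or later before moving to 9.0(2)
ASA_MIN = "8.0.4"    # minimum ASA software version

def parse_release(text):
    """Turn '9.0(2)', '9.1(1)SR1' or '8.0.4' into a comparable tuple of ints.

    Any suffix after the third number (such as SR1) is ignored, so a
    service release compares equal to its base release.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\((\d+)\)|\.(\d+))", text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, paren, dotted = m.groups()
    return (int(major), int(minor), int(paren or dotted))

def phone_plan(release):
    """Classify one phone by the firmware steps it still needs."""
    v = parse_release(release)
    if v >= parse_release(VPN_MIN):
        return "vpn-ready"
    if v >= parse_release(STEP_MIN):
        return "upgrade to 9.0(2)"
    return "upgrade to 8.4(4) or later first, then 9.0(2)"

def asa_ok(release):
    """True when the ASA software meets the 8.0.4 minimum."""
    return parse_release(release) >= parse_release(ASA_MIN)

def preflight(asa_release, phones):
    """Return (asa_ok, {device: plan}) for a dict of device -> firmware release."""
    return asa_ok(asa_release), {n: phone_plan(r) for n, r in phones.items()}

# Constructed sample inventory (device names and releases are made up).
SAMPLE_PHONES = {
    "SEP-SAMPLE-0001": "9.0(2)",
    "SEP-SAMPLE-0002": "8.5(3)",
    "SEP-SAMPLE-0003": "8.3(1)",
    "SEP-SAMPLE-0004": "9.1(1)SR1",
}

if __name__ == "__main__":
    ok, plan = preflight("8.2.1", SAMPLE_PHONES)
    print("ASA meets 8.0.4 minimum:", ok)
    for name, step in plan.items():
        print(f"{name}: {step}")
```

The check covers only the version numbers stated in the checklist; the "AnyConnect Cisco VPN Phone" license and the TCP and UDP port 443 requirement still have to be verified on the ASA itself.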