Cisco Unified Communications Manager Security Guide, Release 8.0(1)
Configuring a VPN Gateway
Downloads: This chapterpdf (PDF - 360.0KB) The complete bookPDF (PDF - 2.63MB) | Feedback

Configuring a VPN Gateway

Table Of Contents

Configuring a VPN Gateway

Uploading VPN Concentrator Certificates

Configuring the VPN Gateway

Finding a VPN Gateway

Configuring a VPN Gateway


Configuring a VPN Gateway


To configure a VPN gateway, you must first upload the VPN concentrator certificates and then configure the VPN gateway.

This chapter contains the following sections:

Uploading VPN Concentrator Certificates

Configuring the VPN Gateway

Uploading VPN Concentrator Certificates

You upload certificates to the system using the Cisco Unified Communications Operating System. Follow this procedure to upload VPN concentrator certificates:

Procedure


Step 1 From Cisco Unified Communications Operating System Administration, choose Security > Certificate Management.

The Certificate List window displays.

Step 2 Click Upload Certificate.

The Upload Certificate popup window displays.

Step 3 From the Certificate Name pull-down menu, choose Phone-VPN-trust.

Step 4 Click Browse to choose the file you want to upload.

Step 5 Click Upload File.

Step 6 Choose another file to upload or click Close.


For more information about certificate management, see Chapter 6, "Security," in the Cisco Unified Communications Operating System Administration Guide.

Configuring the VPN Gateway

This section includes the following topics:

Finding a VPN Gateway

Configuring a VPN Gateway

Finding a VPN Gateway

To find a VPN gateway, perform the following procedure:

Procedure


Step 1 In Cisco Unified Communications Manager Administration, choose Advanced Features > VPN > VPN Gateway.

The Find and List VPN Gateways window displays. Records from an active (prior) query may also display in the window.

Step 2 To find all records in the database, ensure the dialog box is empty; go to Step 3.

To filter or search records

From the first drop-down list box, choose a search parameter.

From the second drop-down list box, choose a search pattern.

Specify the appropriate search text, if applicable.


Note To add additional search criteria, click the + button. When you add criteria, the system searches for a record that matches all criteria that you specify. To remove criteria, click the - button to remove the last added criterion or click the Clear Filter button to remove all added search criteria.


Step 3 Click Find.

All matching records display. You can change the number of items that display on each page by choosing a different value from the Rows per Page drop-down list box.

Step 4 From the list of records that display, click the link for the record that you want to view.


Note To reverse the sort order, click the up or down arrow, if available, in the list header.


The window displays the item that you choose.


Configuring a VPN Gateway

To add, update, or copy a VPN Gateway, perform the following procedure:

Procedure


Step 1 In Cisco Unified Communications Manager Administration, choose Advanced Features > VPN > VPN Gateway.

Step 2 Perform one of the following tasks:

To add a new profile, click Add New in the Find window and continue with Step 3.

To copy an existing VPN gateway, locate the appropriate profile as described in "Finding a VPN Gateway" section, click the Copy button next to the VPN gateway that you want to copy, and continue with Step 3.

To update an existing profile, locate the appropriate VPN gateway as described in "Finding a VPN Gateway" section and continue with Step 3.

When you click Add New, the configuration window displays with the default settings for each field. When you click Copy, the configuration window displays with the copied settings.

Step 3 Enter the appropriate settings as described in Table 16-1.

Step 4 Click Save.


Table 16-1 VPN Gateway Configuration Settings

Field
Description

VPN Gateway Name

Enter the name of the VPN gateway.

VPN Gateway Description

Enter a description of the VPN gateway.

VPN Gateway URL

Enter the URL for the main VPN concentrator in the gateway.

Note You must configure the VPN concentrator with a group-URL and use this URL as the gateway URL.

For configuration information, refer to the documentation for the VPN concentrator; such the following:

SSL VPN Client (SVC) on ASA with ASDM Configuration Example

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008071c428.shtml

VPN Certificates for this Gateway

Use the up and down arrow keys to assign certificates to the gateway. If you do not assign a certificate for the gateway, the VPN client will fail to connect to that concentrator.

Note You can assign up to 10 certificates to a VPN Gateway, and you must assign at least one certificate to each gateway. Only certificates that are associated with the Phone-VPN-trust role display in the available VPN certificates list.