Cisco Unified Communications Manager Security Guide, Release 9.0(1)
VPN feature setup
Downloads: This chapterpdf (PDF - 344.0KB) The complete bookPDF (PDF - 3.67MB) | Feedback

VPN feature setup

VPN feature setup

This chapter provides information about the VPN feature configuration parameters.


Note


The VPN menu and its options are not available in the U.S. export unrestricted version of Cisco Unified Communications Manager.


About VPN feature setup

The VPN Feature Configuration window contains the common configuration settings for the VPN feature that the system uses when you do not associate a VPN Profile with a Common Phone Profile. If you define a VPN Profile as part of configuring a Common Phone Profile, the VPN Profile settings take precedence over the VPN Feature Configuration settings.

Edit VPN feature parameters

To edit the VPN feature configuration parameters, follow this procedure:

Procedure
    Step 1   In Cisco Unified Communications Manager Administration, choose Advanced Features > VPN > VPN Feature Configuration.
    Step 2   Accept the suggested values or enter a new value.
    Step 3   Click Save.

    Related Information

    VPN feature parameters

    The following table provides descriptions of the VPN feature configuration parameters.

    Table 1 VPN Feature Configuration Parameters

    Field

    Default

    Enable Auto Network Detect

    When True, the VPN client can only run when it detects that it is out of the corporate network.

    Default: False

    MTU

    This field specifies the maximum transmission unit:

    Default: 1290 bytes

    Minimum: 256 bytes

    Maximum: 1406 bytes

    Keep Alive

    This field specifies the rate at which the system sends the keep-alive message.

    Note   

    If it is non-zero and less than the value specified in Cisco Unified Communications Manager, the keep-alive setting in the VPN concentrator overwrites this setting.

    Default: 60 seconds

    Minimum: 0

    Maximum: 120 seconds

    Fail to Connect

    This field specifies the amount of time to wait for log-in or connect operations to complete while the system creates the VPN tunnel.

    Default: 30 seconds

    Minimum: 0

    Maximum: 600 seconds

    Client Authentication Method

    From the drop-down list, choose the client authentication method:

    • User and password
    • Password only
    • Certificate (LSC or MIC)

    Default: User And Password

    Enable Password Persistence

    When True, a user password gets saved in the phone until either a failed log-in attempt occurs, a user manually clears the password, or the phone resets or loses power.

    Default: False

    Enable Host ID Check

    When True, the gateway certificate subjectAltName or CN must match the URL to which the VPN client is connected.

    Default: True