Cisco Jabber Voice for Android Release 9.1(4) Administration Guide
Feature Setup
Downloads: This chapterpdf (PDF - 1.65MB) The complete bookPDF (PDF - 2.87MB) | The complete bookePub (ePub - 292.0KB) | Feedback

Feature Setup

Contents

Feature Setup

Set Up Mobile Connect

Mobile Connect, formerly known as Single Number Reach (SNR), allows the native mobile phone number to ring when someone calls the work number if:
  • Cisco Jabber Voice is not available. After Cisco Jabber Voice becomes available again and connects to the corporate network, the Unified CM returns to placing VoIP calls rather than using Mobile Connect.
  • The user selects the Always Use DVO Jabber calling option.
  • The user selects the Automatically select Jabber calling option and the user is outside of the Wi-Fi network.

To set up Mobile Connect, perform the following procedures:

  1. Enable Mobile Connect
  2. Specify one or more remote phone numbers to which Mobile Connect connects using one or both of the following procedures:
    • (Preferred) To specify the mobile phone number of the mobile device, see Add Mobility Identity.
    • (Optional) To specify alternate phone numbers, see Add Remote Destination (Optional). Alternate numbers can be any type of phone number, such as home phone numbers, conference room numbers, desk phone numbers, or a mobile phone number for a second mobile device.
  3. Test your settings:
    • Exit Cisco Jabber Voice on the mobile device. For instructions, see the FAQs for users, available from the user guides list.
    • Call the Cisco Jabber Voice extension from another phone.
    • Verify that the native mobile network phone number rings and that the call connects when you answer it.

Enable Mobile Connect

Use the following procedure to enable mobile connect for an end user.

Procedure
    Step 1   Sign in to the Unified CM Administration portal.
    Step 2   Search for and delete any existing Remote Destination or Mobility Identity that is already set up with the mobile phone number.
    Step 3   Navigate to the End User page for the user.
    1. In the Mobility Information section, check the Enable Mobility check box.
    2. On Unified CM Release 9.0 and earlier, specify the Primary User Device.
    3. Select Save.
    Step 4   Navigate to the device page for the Cisco Dual Mode mobile device settings.
    1. Enter the following information:

      Setting

      Information

      Softkey Template

      Choose a softkey template that includes the Mobility button.

      For information about setting up softkey templates, see the related information in the Cisco Unified Communications Manager Administration Guide for your release. This documentation can be found in the maintenance guides list.

      Mobility User ID

      Select the user.

      Owner User ID

      Select the user. The value must match the Mobility User ID.

      Rerouting Calling Search Space

      Choose a Rerouting Calling Search Space that includes both of the following:

      • The partition of the desk phone extension of the user. This requirement is used by the system to provide the Dial via Office feature, not for routing calls.
      • A route to the mobile phone number. The route to the mobile phone number (that is, the Gateway/Trunk partition) must have a higher preference than the partitions of the enterprise extension that is associated with the device.

      Note that the client allows users to specify a callback number for Dial via Office-Reverse calls that is different from the mobile phone number of the device, and the Rerouting Calling Search Space controls which callback numbers are reachable.

      If the user sets up the DVO Callback Number with an alternate number, ensure that you set up the trunk Calling Search Space (CSS) to route to destination of the alternate phone number.

    2. Select Save.

    Add Mobility Identity

    Use this procedure to add a Mobility Identity to specify the mobile phone number of the mobile device as the destination number. This destination number is used by features such as Dial via Office or Mobile Connect.

    You can specify only one number when you add a mobility identity. If you want to specify an alternate number such as a second mobile phone number for a mobile device, you can set up a remote destination. The Mobility Identity configuration characteristics are identical to those of the Remote Destination configuration.

    Procedure
      Step 1   Sign in to the Unified CM Administration portal.
      Step 2   Navigate to the device page for the Cisco Dual Mode mobile device settings.
      Step 3   In the Associated Mobility Identity section, select Add a New Mobility Identity.
      Step 4   Enter the mobile phone number as the Destination Number.

      This number must be routable to an outbound gateway. Generally, the number is the full E.164 number.

      Note   

      If you enable the Dial via Office - Reverse feature for a user, you must enter a destination number for the user's mobility identity.

      If you enable Dial via Office - Reverse and leave the destination number empty in the mobility identity:

      • The phone service cannot connect if the user selects the Automatically select Jabber calling option while using a mobile data network and VPN.
      • The phone service cannot connect if the user selects the Always use DVO Jabber calling option on any type of network.
      • The logs do not indicate why the phone service cannot connect.

      When using Dial via Office - Reverse, the system does not automatically push updated destination numbers for the user's mobility identity to the client after you already entered a destination number. To work around this issue, ask the user to do one of the following:

      • In the client Settings, manually update the phone number in the DVO Callback Number field.
      • In the client Settings, delete the current number in the DVO Callback Number field, and then exit and restart the client.
      • Use the Android Settings to clear the client application data, and then reprovision the client.

      For more information about using the Android Settings or the client Settings, see the FAQs.

      Step 5   Enter the initial values for call timers.

      These values ensure that calls are not routed to the mobile service provider voicemail before they ring in the client on the mobile device.

      For more information, see the online help in Unified CM.



      Example:
      Setting Suggested Initial Value

      Answer Too Soon Timer

      3000

      Answer Too Late Timer

      20000

      Delay Before Ringing Timer

      0

      Note   

      This setting does not apply to DVO-R calls.

      Step 6   Check the Enable Mobile Connect check box.
      Step 7   If you are setting up the Dial via Office feature, in the Mobility Profile drop-down list, select one of the following options.
      Option Description
      Leave blank

      Choose this option if you want users to use the Enterprise Feature Access Number (EFAN).

      Mobility Profile

      Choose the Mobility Profile that you just created if you want users to use a Mobility Profile instead of an EFAN.

      Step 8   Set up the schedule for routing calls to the mobile number.
      Step 9   Select Save.

      Add Remote Destination (Optional)

      Use this procedure to add a Remote Destination to specify any alternate number as the destination number. The Mobility Identity configuration characteristics are identical to those of the Remote Destination configuration.

      Alternate numbers can be any type of phone number, such as home phone numbers, conference room numbers, desk phone numbers, or multiple mobile phone numbers for additional mobile devices. You can add more than one remote destination.

      Procedure
        Step 1   Sign in to the Unified CM Administration portal.
        Step 2   Navigate to the device page for the Cisco Dual Mode mobile device settings.
        Step 3   In the Associated Remote Destinations section, select Add a New Remote Destination.
        Step 4   Enter the desired phone number as the Destination Number.

        This number must be routable to an outbound gateway. Generally, the number is the full E.164 number.

        Step 5   Enter the initial values for call timers.

        These values ensure that calls are not routed to the mobile service provider voicemail before they ring in the client on the mobile device.

        For more information, see the online help in Unified CM.



        Example:
        Setting Suggested Initial Value

        Answer Too Soon Timer

        3000

        Answer Too Late Timer

        20000

        Delay Before Ringing Timer

        0

        Note   

        This setting does not apply to DVO-R calls.

        Step 6   Check the Enable Mobile Connect check box.
        Step 7   Set up the schedule for routing calls to the mobile number.
        Step 8   Select Save.

        Enable Active Call Transfer from VoIP to Mobile Voice Network

        Users can transfer an active VoIP call from the client to their mobile phone number on the mobile voice network. This feature is useful when a user on a call leaves the corporate Wi-Fi network (for example, leaving the building to walk out to the car), or if there are voice quality issues over the Wi-Fi or mobile data network. This Cisco Jabber Voice for Android feature is called Use Mobile Network.

        • For system-level settings, check that the Mobility softkey appears when the phone is in the connected and on-hook call states.

          1. Sign in to the Unified CM Administration portal.
          2. Select Device > Device Settings > Softkey Template.
          3. Select the softkey template that you selected when you configured the device for Mobile Connect.
          4. In the Related Links drop-down list at the upper right, choose Configure Softkey Layout and select Go.
          5. In the call state drop-down list, select the Connected state and verify that the Mobility key is in the list of selected softkeys.
          6. In the call state drop-down list, select the On Hook state and verify that the Mobility key is in the list of selected softkeys.

        • For the per-user and per-device settings in Cisco Unified Communications Manager, set the specific device to use the Mobility softkey when the device transfers calls to the mobile voice network. Ensure that you have set up both MobilityIdentity and Mobile Connect for the mobile device. After the transfer feature is working, users can enable and disable Mobile Connect at their convenience without affecting the feature.

          1. Sign in to the Unified CM Administration portal.
          2. Select the Owner User ID on the Phone Configuration screen for your Cisco Dual Mode for Android device.
          3. Select the Mobility User ID. The value usually matches that of the Owner User ID.
          4. In the Product Specific Configuration Layout section, in the Transfer to Mobile Network drop-down list, choose Use Mobility Softkey.

        What to Do Next

        Test your settings by transferring an active call from VoIP to the mobile network.

        Related Tasks
        Related Information

        Enable Active Call Transfer from Desk Phone to Mobile Device

        Before You Begin
        • Ensure that you configured the desk phone and the Cisco Dual Mode for Android (BOTXXXX) device.
        • Ensure that you configured the Mobile Connect feature on the BOTXXXX device. See Set Up Mobile Connect.
        Procedure
          Step 1   Sign in to the Unified CM Administration portal.
          Step 2   Navigate to the Phone Configuration screen for the BOTXXXX device.
          Step 3   In the Device Information section, note the value of the Mobility User ID.
          Step 4   Navigate to the Phone Configuration screen for the associated desk phone.
          Step 5   In the Device Information section, ensure that the value of the Owner User ID of the desk phone matches the value for the Mobility User ID of the BOTXXXX device.
          Step 6   In the Device Information section, from the Softkey Template drop-down list, choose Mobility.
          Note   

          If you do not see the Mobility option, you must configure the Mobility softkey. See the "Mobility Softkey Configuration" section in the "Cisco Unified Mobility" chapter of Cisco Unified Communications Manager Features and Services Guide, Release 7.0(1).


          What to Do Next

          Test your settings. The procedure for moving the call to your mobile device can vary depending on your desk phone model. A sample procedure is as follows:
          1. Press the Mobility softkey on your desk phone. In some cases, you need to press More a few times before you see the Mobility softkey.
          2. Select Send call to Mobile.
          3. Answer your call on your mobile device.

          Related Tasks
          Related Information

          Set Up Dial Via Office

          Important:

          The DVO-R feature requires:

          • Cisco Jabber for Android client, Release 9.1(x) or Cisco Jabber Voice for Android client, Release 9.1(5).
          • Unified CM 8.6.2SU3 (8.6.2.23900-10) or 9.1(1a).

          User-controlled voicemail avoidance, which can be used in conjunction with the Dial via Office feature, is available only on Unified CM Release 9.0 and later. Timer-controlled voicemail avoidance is available on Unified CM Release 6.0 and later.

          The application cannot be provisioned with SIP Digest if Dial via Office is enabled.

          The Dial via Office (DVO) feature allows users to initiate Cisco Jabber Voice outgoing calls with their work number using the voice plan for the device.

          There are two types of Dial via Office calls: Dial via Office-Reverse (DVO-R) and Dial via Office-Forward (DVO-F). Cisco Jabber Voice supports Dial via Office-Reverse (DVO-R) calls. DVO-R works as follows:

          1. User initiates a Dial via Office-Reverse call.
          2. The client notifies Unified CM to call the mobile phone number.
          3. Unified CM calls and connects to the mobile phone number.
          4. Unified CM calls and connects to the number that the user dialed.
          5. Unified CM connects the two segments.
          6. The user and the called party continue as with an ordinary call.

          Incoming calls use either Mobile Connect or the Internet, depending on which Jabber Calling Options the user sets on the client. Dial via Office does not require Mobile Connect to work. However, we recommend that you enable Mobile Connect to allow the native mobile number to ring when someone calls the work number. From the Unified CM user pages, users can enable and disable Mobile Connect, and adjust Mobile Connect behavior using settings (for example, the time of day routing and Delay Before Ringing Timer settings). For information about setting up Mobile Connect, see Set Up Mobile Connect.

          The following table describes the calling methods used for incoming and outgoing calls. The calling method (Internet, Mobile Connect, DVO-R, or native cellular call) varies depending on the selected Jabber Calling Options and the network connection.

          Table 1 Calling Methods used with Jabber Calling Options over Different Network Connections
          Connection Call Options
          Always use Internet Always use DVO Auto Select

          Corporate Wi-Fi
          Outgoing: Internet Incoming: Internet Outgoing: DVO-R Incoming: Mobile Connect Outgoing: Internet Incoming: Internet

          Noncorporate Wi-Fi

          Mobile Network (3G, 4G)
          Outgoing: DVO-R Incoming: Mobile Connect

          Jabber is not registered
          Outgoing Native Cellular Call
          Incoming Mobile Connect

          To set up Dial via Office-Reverse (DVO-R), you must do the following:

          1. Set up the Unified CM to support DVO-R. See Set Up Unified CM to Support DVO-R.
          2. Enable DVO on each Cisco Dual Mode for Android device. See Set Up Dial Via Office for Each Device.

          Set Up Unified CM to Support DVO-R

          To set up Unified CM to support DVO-R, perform the following procedures:

          1. Complete one or both of the following procedures.
          2. Verify Device COP File Version
          3. If necessary, create application dial rules to allow the system to route calls to the Mobile Identity phone number to the outbound gateway. Ensure that the format of the Mobile Identity phone number matches the application dial rules. For more information, see Application Dial Rules.

          Note


          The DVO-R feature requires:

          • Cisco Jabber Voice for Android client, Release 9.1(1) and later.
          • Unified CM 9.1(1a).

          Set Up Enterprise Feature Access Number

          Use this procedure to set up an Enterprise Feature Access Number for all Cisco Jabber Voice calls that are made using Dial via Office-Reverse.

          The Enterprise Feature Access Number is the number that Cisco Unified Communications Manager uses to call the mobile phone and the dialed number unless a different number is set up in Mobility Profile for this purpose.

          Before You Begin
          • Reserve a Direct Inward Dial (DID) number to use as the Enterprise Feature Access Number (EFAN). This procedure is optional if you already set up a mobility profile.
          • Determine the required format for this number. The exact value you choose depends on the phone number that the gateway passes (for example, 7 digits or 10 digits). The Enterprise Feature Access Number must be a routable number.
          Procedure
            Step 1   Sign in to the Unified CM Administration portal.
            Step 2   Choose Call Routing > Mobility > Enterprise Feature Access Number Configuration.
            Step 3   Select Add New.
            Step 4   In the Number field, enter the Enterprise Feature Access number.

            Enter a DID number that is unique in the system.

            To support dialing internationally, you can prepend this number with \+.

            Step 5   From the Route Partition drop-down list, choose the partition of the DID that is required for enterprise feature access.

            This partition is set under System > Service Parameters, in the Clusterwide Parameters (System - Mobility) section, in the Inbound Calling Search Space for Remote Destination setting. This setting points either to the Inbound Calling Search Space of the Gateway or Trunk, or to the Calling Search Space assigned on the Phone Configuration screen for the device.

            If the user sets up the DVO Callback Number with an alternate number, ensure that you set up the trunk Calling Search Space (CSS) to route to destination of the alternate phone number.

            Step 6   In the Description field, enter a description of the Mobility Enterprise Feature Access number.
            Step 7   (Optional) Check the Default Enterprise Feature Access Number check box if you want to make this Enterprise Feature Access number the default for this system.
            Step 8   Select Save.

            Set Up Mobility Profile

            Use this procedure to set up a mobility profile for Cisco Jabber Voice devices. This procedure is optional if you already set up an Enterprise Feature Access Number.

            Mobility profiles allow you to set up the Dial via Office-Reverse settings for a mobile client. After you set up a mobility profile, you can assign it to a user or to a group of users, such as the users in a region or location.

            Procedure
              Step 1   Sign in to the Unified CM Administration portal.
              Step 2   Choose Call Routing > Mobility > Mobility Profile.
              Step 3   In the Mobility Profile Information section, in the Name field, enter a descriptive name for the mobility profile.
              Step 4   In the Dial via Office-Reverse Callback section, in the Callback Caller ID field, enter the caller ID for the callback call that the client receives from Unified CM.
              Step 5   Click Save.

              Verify Device COP File Version

              Use the following procedure to verify that you are using the correct device COP file for this release of the client.

              Procedure
                Step 1   Sign in to the Unified CM Administration portal.
                Step 2   Choose Device > Phone.
                Step 3   Click Add New.
                Step 4   From the Phone Type drop-down list, choose Cisco Dual Mode for Android.
                Step 5   Click Next.
                Step 6   Scroll down to the Product Specific Configuration Layout section, and verify that you can see the Dial via Office drop-down list.

                If you can see the Dial via Office drop-down list, the COP file is already installed on your system.

                If you cannot see the Dial via Office drop-down list, locate and download the correct COP file. For more information, see Required Files.


                Set Up Dial Via Office for Each Device

                Use the following procedures to set up Dial via Office - Reverse for each client device.

                1. Add a Mobility Identity for each user.
                2. Enable Dial via Office on each device.
                3. If you enabled Mobile Connect, verify that Mobile Connect works. If you dial the desk phone extension, the phone number that is specified in the associated Mobile Identity should ring.

                Add Mobility Identity

                Use this procedure to add a Mobility Identity to specify the mobile phone number of the mobile device as the destination number. This destination number is used by features such as Dial via Office or Mobile Connect.

                You can specify only one number when you add a mobility identity. If you want to specify an alternate number such as a second mobile phone number for a mobile device, you can set up a remote destination. The Mobility Identity configuration characteristics are identical to those of the Remote Destination configuration.

                Procedure
                  Step 1   Sign in to the Unified CM Administration portal.
                  Step 2   Navigate to the device page for the Cisco Dual Mode mobile device settings.
                  Step 3   In the Associated Mobility Identity section, select Add a New Mobility Identity.
                  Step 4   Enter the mobile phone number as the Destination Number.

                  This number must be routable to an outbound gateway. Generally, the number is the full E.164 number.

                  Note   

                  If you enable the Dial via Office - Reverse feature for a user, you must enter a destination number for the user's mobility identity.

                  If you enable Dial via Office - Reverse and leave the destination number empty in the mobility identity:

                  • The phone service cannot connect if the user selects the Automatically select Jabber calling option while using a mobile data network and VPN.
                  • The phone service cannot connect if the user selects the Always use DVO Jabber calling option on any type of network.
                  • The logs do not indicate why the phone service cannot connect.

                  When using Dial via Office - Reverse, the system does not automatically push updated destination numbers for the user's mobility identity to the client after you already entered a destination number. To work around this issue, ask the user to do one of the following:

                  • In the client Settings, manually update the phone number in the DVO Callback Number field.
                  • In the client Settings, delete the current number in the DVO Callback Number field, and then exit and restart the client.
                  • Use the Android Settings to clear the client application data, and then reprovision the client.

                  For more information about using the Android Settings or the client Settings, see the FAQs.

                  Step 5   Enter the initial values for call timers.

                  These values ensure that calls are not routed to the mobile service provider voicemail before they ring in the client on the mobile device.

                  For more information, see the online help in Unified CM.



                  Example:
                  Setting Suggested Initial Value

                  Answer Too Soon Timer

                  3000

                  Answer Too Late Timer

                  20000

                  Delay Before Ringing Timer

                  0

                  Note   

                  This setting does not apply to DVO-R calls.

                  Step 6   Check the Enable Mobile Connect check box.
                  Step 7   If you are setting up the Dial via Office feature, in the Mobility Profile drop-down list, select one of the following options.
                  Option Description
                  Leave blank

                  Choose this option if you want users to use the Enterprise Feature Access Number (EFAN).

                  Mobility Profile

                  Choose the Mobility Profile that you just created if you want users to use a Mobility Profile instead of an EFAN.

                  Step 8   Set up the schedule for routing calls to the mobile number.
                  Step 9   Select Save.

                  Enable Dial Via Office on Each Device

                  Use this procedure to enable Dial via Office on each device.

                  Procedure
                    Step 1   Sign in to the Unified CM Administration portal.
                    Step 2   Navigate to the device page for the user.
                    Step 3   On the device page for the user, in the Product Specific Configuration Layout section, set the Dial via Office drop-down list to Enabled.
                    Important:

                    DVO-R is supported only on Unified CM Release 9.1 and later. Cisco plans to release a service update (SU) in the near future to support Cisco Jabber Voice with DVO-R on Unified CM 8.6. If you enable this setting on an unsupported release of Unified CM, the end user sees the DVO calling options and can attempt to make DVO-R calls, but the calls cannot connect.

                    Step 4   Select Save.
                    Step 5   Select Apply Config.

                    What to Do Next

                    Test this feature.

                    Set Up Voicemail Avoidance

                    Voicemail avoidance is a feature that prevents calls from being answered by the mobile service provider voice mail. This feature is useful if a user receives a Mobile Connect call from the enterprise on the mobile device. It is also useful when an incoming DVO-R call is placed to the mobile device.

                    You can set up Voicemail Avoidance in one of two ways:

                    • Timer-controlled: (Default) With this method, you set timers on the Unified CM to determine if the call is answered by the mobile user or mobile service provider voicemail.
                    • User-controlled: With this method, you set the Unified CM to require that a user presses any key on the keypad of the device to generate a DTMF tone before the call can proceed.

                    If you deploy DVO-R, Cisco recommends that you also set user-controlled Voicemail Avoidance. If you set user-controlled Voicemail Avoidance, this feature applies to both DVO-R and Mobile Connect calls.

                    For more information about voicemail avoidance, see the section called "Confirmed Answer and DVO VM detection" in the Unified CM Features and Services Guide.

                    Set Up Timer-Controlled Voicemail Avoidance

                    Timer-controlled voicemail avoidance is supported on Unified CM Release 6.0 and later.

                    Set up the timer control method by setting the Answer Too Soon Timer and Answer Too Late Timer on either the Mobility Identity or the Remote Destination. For more information, see Add Mobility Identity or Add Remote Destination (Optional).

                    Set Up User-Controlled Voicemail Avoidance

                    Important:

                    User-controlled voicemail avoidance is available on Unified CM Release 9.0 and later.

                    To set up User-Controlled Voicemail Avoidance, perform the following procedures:

                    1. Set Up Unified CM to Support User-Controlled Voicemail Avoidance
                    2. Set up user-controlled voicemail avoidance on the device by performing one of the following procedures:
                    Important:

                    Cisco does not support user-controlled voicemail avoidance when using DVO-R with alternate numbers that the end user sets up in the client. An alternate number is any phone number that the user enters in the DVO Callback Number field on the client that does not match the phone number that you set up on the user's Mobility Identity.

                    If you set up this feature with alternate numbers, the Unified CM connects the DVO-R calls even if the callback connects to a wrong number or a voicemail system.

                    Set Up Unified CM to Support User-Controlled Voicemail Avoidance

                    Use this procedure to set up the Unified CM to support user-controlled Voicemail Avoidance.

                    Procedure
                      Step 1   Sign in to the Unified CM.
                      Step 2   In the Navigation field, choose Unified CM Administration.
                      Step 3   Choose System > Service Parameters.
                      Step 4   In the Server drop-down list, select the active United CM.
                      Step 5   In the Service drop-down list, select the Cisco Call Manager (Active) service.
                      Step 6   Configure the settings in the Clusterwide Parameters (System - Mobility Single Number Reach Voicemail) section.
                      Note   

                      The settings in this section are not specific to Cisco Jabber Voice. For information about how to configure these settings, see "Confirmed Answer and DVO VM detection" section in the Cisco Unified Communication Manager Administrator Guide for your release.

                      Step 7   Click Save.

                      Enable User-Controlled Voicemail Avoidance on Mobility Identity

                      Use this procedure to enable user-controlled voicemail avoidance for the end user's mobility identity.

                      Before You Begin
                      Procedure
                        Step 1   Sign in to the Unified CM Administration portal.
                        Step 2   Navigate to the device page for the user.
                        Step 3   In the Associated Mobility Identity section, click the link for the Mobility Identity.
                        Note   

                        To ensure that the Voicemail Avoidance feature works correctly, the DVO Callback Number that the end user enters in the Cisco Jabber Voice client must match the Destination Number that you enter on the Mobility Identity Configuration screen.

                        Step 4   In the Single Number Reach Voicemail Policy drop-down list, select User control.
                        Step 5   Click Save.

                        Enable User-Controlled Voicemail Avoidance on Remote Destination

                        Use this procedure to enable user-controlled voicemail avoidance for the end user's remote destination.

                        Before You Begin
                        Procedure
                          Step 1   Sign in to the Unified CM Administration portal.
                          Step 2   Navigate to the device page for the user.
                          Step 3   In the Associated Remote Destinations section, click the link for the associated remote destination.
                          Step 4   In the Single Number Reach Voicemail Policy drop-down list, select User control.
                          Step 5   Click Save.

                          Set Up Visual Voicemail

                          The visual voicemail feature is an alternative to the basic voicemail service.

                          With visual voicemail, you can see a list of your messages without having to dial in to your voice mailbox. From this list, you can:

                          • Play or pause your messages
                          • See a transcription of your messages (if available)
                          • Delete messages
                          • Call back the contact who sent the message
                          • Add contacts

                          Set up visual voicemail with the following procedures:

                          1. Verify that Voicemail Representational State Transfer (VMREST) services are set up on Cisco Unity Connection. See Verify VMREST Services.
                          2. Enable settings for secure messaging on Cisco Unity Connection. See Enable Settings for Secure Messaging.
                          3. Set up visual voicemail on Unified CM. See Set Up Visual Voicemail on Unified CM.

                          Verify VMREST Services

                          Use this procedure to verify that your Cisco Unity Connection is set up with the correct VMREST services to support visual voicemail on the client.

                          Procedure
                            Step 1   Sign in to Cisco Unity Connection Administration.
                            Step 2   In the Navigation drop-down list, choose Cisco Unity Connection Serviceability.
                            Step 3   Select Go.
                            Step 4   Choose Tools > Service Management.
                            Step 5   In the Optional Services section, verify that the following services are active and running:
                            • Connection Jetty
                            • Connection REST Service

                            Enable Settings for Secure Messaging

                            Use this procedure if you want to set up the Cisco Unity Connection to support playback of secure voice messages on the client.

                            Procedure
                              Step 1   Sign in to Cisco Unity Connection Administration.
                              Step 2   In the Navigation drop-down list, choose Cisco Unity Connection Administration.
                              Step 3   Select Go.
                              Step 4   In the left pane, navigate to System Settings > Advanced > API Settings.
                              Step 5   Check the following three check boxes:
                              1. Allow Access to Secure Message Recordings through CUMI
                              2. Display Message Header Information of Secure Messages through CUMI
                              3. Allow Message Attachments through CUMI
                              Step 6   Select Save.

                              Set Up Visual Voicemail on Unified CM

                              Before You Begin
                              • Collect the values for the settings that are listed in the table in this procedure.
                              • Consult your voicemail administrator if you have questions about the values for the settings in this section.
                              Procedure
                                Step 1   Sign in to the Unified CM Administration portal.
                                Step 2   Navigate to the device page for the user.
                                Step 3   In the Product Specific Configuration Layout section, enter voicemail settings.
                                Setting Description
                                Voicemail Username Unique username for voicemail access for this user.
                                Voicemail Server (include the port)

                                For the voicemail server, enter the fully qualified domain name or IP address. Use the format Servername.YourCompany.com:portnumber

                                Voicemail Message Store Username

                                Leave this field blank. Cisco Jabber Voice for Android does not use this field. This field is used for devices that support Cisco Unity.

                                Voicemail Message Store

                                Leave this field blank. Cisco Jabber Voice for Android does not use this field. This field is used for devices that support Cisco Unity.

                                Step 4   Select Save.
                                Step 5   Select Apply Config.
                                Step 6   Select Reset.
                                Step 7   Restart Cisco Jabber Voice.
                                Step 8   Step through the setup wizard until you see the Voicemail screen.
                                Step 9   Enter your voicemail password.
                                Step 10   Select Verify.
                                Step 11   Complete the setup wizard.

                                What to Do Next

                                Test this feature.

                                Enable Enhanced Message Waiting Indicator

                                A Message Waiting Indicator alerts users to the presence of new voice messages. Enhanced Message Waiting Indicator provides a count of unheard messages on systems that support this feature. Users can call the voice messaging system to retrieve the messages.

                                Note


                                To enable the basic Message Waiting Indicator, follow the instructions in the Cisco Unified Communications Manager documentation for your release. There are no unique configurations for this client.


                                If your deployment supports Enhanced Message Waiting Indicator, enable this option in the Cisco Unity Connection Administration portal.

                                Procedure
                                  Step 1   Sign in to Cisco Unity Connection Administration.
                                  Step 2   In the left pane, navigate to Telephony Integrations > Phone System.
                                  Step 3   Select the link for the desired phone system.
                                  Step 4   In the Message Waiting Indicators section, select the Send Message Counts check.
                                  Step 5   Select Save.

                                  Specify Directory Search Settings

                                  Use this procedure to specify the settings that Cisco Jabber Voice for Android uses to connect to the directory server. When the user sets up Cisco Jabber Voice for Android, these settings are automatically configured.


                                  Note


                                  Cisco Jabber Voice for Android does not support the Reporting Structure feature with Open LDAP. This feature is supported only with Microsoft Active Directory.

                                  If you want to set up the Reporting Structure, Cisco Jabber Voice for Android uses the following elements: Manager, Direct reports, Title, and Department.


                                  Before You Begin

                                  Identify attributes in your corporate directory schema that are different from, or additional to, the application defaults. You must map changed attributes later in this procedure.

                                  Using the following table, verify the values for your directory:

                                  • If you use an Active Directory server, review the values in the column called "Default Active Directory Attribute." If your attributes differ from the values in the "Default Active Directory Attribute" column, make a note of your actual attribute name in the column titled "Your Value, if Different."
                                  • If you use an LDAP server that is not an Active Directory server, review the values in the column called "Default Attribute for All Other LDAP Servers." If your attributes differ from the values in the "Default Attribute for All Other LDAP Servers" column, make a note of your actual attribute name in the column titled "Your Value, if Different."


                                  Table 2 Directory Elements and Attributes

                                  Element

                                  Element Name

                                  Default Active Directory Attribute

                                  Default Attribute for All Other LDAP Servers

                                  Your Value, if Different

                                  Unique identifier

                                  identifier

                                  distinguishedName

                                  distinguishedName

                                   

                                  Display name

                                  displayName

                                  displayName

                                  cn

                                   

                                  Email address

                                  emailAddress

                                  mail

                                  mail

                                   

                                  First name

                                  firstName

                                  givenName

                                  givenName

                                   

                                  Last name

                                  lastName

                                  sn

                                  sn

                                   

                                  User ID

                                  userid

                                  sAMAccountName

                                  uid

                                   

                                  Main phone number

                                  mainPhoneNumber

                                  telephoneNumber

                                  telephoneNumber

                                   

                                  Home phone number

                                  homePhoneNumber

                                  homeTelephoneNumber

                                  homeTelephoneNumber

                                   

                                  Second home phone number

                                  homePhoneNumber2

                                  homeTelephoneNumber

                                  homeTelephoneNumber

                                   

                                  Mobile phone number

                                  mobilePhoneNumber

                                  mobile

                                  mobile

                                   

                                  Second mobile phone number

                                  mobilePhoneNumber2

                                  mobile

                                  mobile

                                   

                                  Direct to voicemail phone number

                                  voicemailPhoneNumber

                                  voicemai

                                  voicemail

                                   

                                  Fax number

                                  faxPhoneNumber

                                  facsimileTelephoneNumber

                                  facsimileTelephoneNumber

                                   

                                  Other phone number

                                  otherPhoneNumber

                                  telexNumber

                                  telexNumber

                                   

                                  Manager

                                  manager

                                  manager

                                  Direct reports

                                  directReports

                                  directReports

                                  Title

                                  title

                                  title

                                  Department

                                  department

                                  department

                                  Procedure
                                    Step 1   Sign in to the Unified CM Administration portal.
                                    Step 2   Navigate to the Cisco Dual Mode device page for the user.
                                    Step 3   In the Product Specific Configuration Layout section, set the Enable LDAP User Authentication setting.
                                    • If users do not need to enter credentials to access directory services, select Disabled.
                                    • If users must enter credentials to access directory services, select Enabled.
                                    Step 4   In the LDAP Server field, enter the IP address or hostname of the LDAP server.
                                    • If you do not want to deploy Directory Search in the client, leave this field blank.
                                    • Otherwise, enter the IP address or hostname, and port number of your directory server.
                                    Use the format YourDirectoryServer.YourCompany.com:portnumber. If you enter an IP address or hostname but do not enter a port, the client tries to connect to port 389.
                                    Step 5   The Enable LDAP SSL drop-down list appears. Because there is no support for SSL with LDAP, SSL is disabled by default. Choosing Enabled or Disabled has no effect.
                                    Step 6   Enter the LDAP Search Base using one of the following formats.
                                    • OU=organization,DC=corp,DC=yourcompany,DC=com
                                    • CN=users,DC=corp,DC=yourcompany,DC=com
                                    By default, this application uses the search base found in a RootDSE search on the defaultNamingContext attribute. To specify a different search base, enter the Distinguished Name of the root node in your corporate directory that contains user information. Use the lowest node that includes the necessary names. Using a higher node creates a larger search base and thus reduces performance if the directory is very large.
                                    Note    To help determine the optimal search base, use a utility such as Active Directory Explorer (available from Microsoft) to view your data structure.
                                    Step 7   Enter the LDAP field mappings. LDAP field mappings identify the attributes in your directory that hold the information to search and display for directory searches. Using the Directory Elements and Attributes table, enter any field mappings that do not match the default as name=value pairs, separating each field with a semicolon (;). Enter the information that is contained in the "Element Name" column for the name. Enter the information in the "Your Value if Different" column for the value.

                                    Example:displayName=nickname;emailAddress=email
                                    Step 8   Enter the LDAP photo location. Enter the pathname to the image files on your HTTP server. Be sure to specify the correct graphics file type (for example, jpg or png). Use the variable %%LDAP Attribute %% to represent the LDAP attribute.

                                    Example:http://yourcompany.cisco.com/photo/std/%%userID%%.jpg

                                    You must include the double percent symbols in the string.

                                    The client automatically resizes the images as needed, but it processes smaller images faster.

                                    You must store your photos on an HTTP server, with filenames that are identical to the values in an LDAP directory attribute (excluding the filename extension).

                                    By default, the client uses the attribute that is mapped to the userid element in the Directory Elements and Attributes table that precedes this procedure. You can specify a different attribute in the LDAP Field Mappings field.



                                    Example:If an image file from your directory is named jsmith.jpg, and the value in the cn attribute is jsmith, then you can use the LDAP Field Mappings field to map the userid element to the cn attribute in your LDAP directory.
                                    Step 9   Select Save.
                                    Step 10   Restart the client.

                                    What to Do Next

                                    Test the directory search feature.

                                    Set Up Multiple Resource Sign-In

                                    By default, users can sign in to multiple instances of Cisco Jabber Voice for Android at the same time. Set one of the following command-line values to change the default behavior:

                                    Argument Value Description
                                    LOGIN_RESOURCE WBX Controls user log in to multiple client instances.
                                      MUT By default, users can log in to multiple instances of Cisco Jabber Voice for Android at the same time. Set one of the following values to change the default behavior:
                                        WBX

                                    Users can log in to one instance of Cisco Jabber Voice for Android at a time.

                                    Cisco Jabber Voice for Android appends the wbxconnect suffix to the user's JID. Users cannot log in to any other Cisco Jabber Voice for Android client that uses the wbxconnect suffix.

                                    MUT

                                    Users can log in to one instance of Cisco Jabber Voice for Android at a time, but can log in to other Cisco Jabber Voice for Android clients at the same time.

                                    Each instance of Cisco Jabber Voice for Android appends the user's JID with a unique suffix.

                                    Set Up SIP Digest Authentication Options

                                    SIP Digest Authentication is a Unified CM security feature that authenticates user devices. For more information, see the Cisco Unified Communications Manager Security Guide and the Cisco Unified Communications Manager Administration Guide, available from the maintenance guides list.


                                    Note


                                    Cisco Jabber Voice for Android does not support SIP Digest Authentication feature with the Dial via Office - Reverse feature.


                                    For Cisco Jabber Voice for Android, you have three options:

                                    Disable SIP Digest Authentication

                                    Follow these steps on each device page in Unified CM.
                                    Procedure
                                      Step 1   Sign in to the Unified CM Administration portal.
                                      Step 2   Navigate to the device page.
                                      Step 3   In the Protocol Specific Information section, in the Device Security Profile drop-down list, select “Cisco Dual Mode for Android - Standard SIP Non-Secure Profile.”
                                      Step 4   Complete the authentication details in the Product Specific Configuration Layout section.
                                      1. In the Enable SIP Digest Authentication drop-down list, select “Disabled.”
                                      2. Leave SIP Digest Username blank.
                                      Step 5   Select Save.
                                      Step 6   Select Apply Config.
                                      Step 7   Restart Cisco Jabber Voice.

                                      Enable SIP Digest Authentication with Automatic Password Authentication

                                      Procedure
                                        Step 1   Create a new profile for Cisco Dual Mode for Android under System > Security Profile > Phone Security Profile:
                                        1. Select Add New.
                                        2. In the Phone Security Profile Type drop-down list, select Cisco Dual Mode for Android.
                                        3. Select Next.
                                        4. Enter a name for your new phone security profile.
                                        5. Check Enable digest authentication.
                                        6. Uncheck Exclude digest credentials in configuration file.
                                        7. Select Save.
                                        Step 2   On each End User page, in the User Information section, complete the following tasks:
                                        1. In the User ID field, verify that the user ID is entered.
                                        2. In the Digest Credentials field, enter the digest credentials.
                                        3. In the Confirm Digest Credentials field, reenter the digest credentials.
                                        Step 3   On each Cisco Dual Mode for Android device page, complete the profile information in the Protocol Specific Information section:
                                        1. In the Device Security Profile drop-down list, select the new secure profile you just created.
                                        2. In the Digest User drop-down list, select the digest user.
                                        Step 4   On the same device page, complete the authentication details in the Product Specific Configuration Layout section:
                                        1. In the Enable SIP Digest Authentication drop-down list, select Enabled.
                                        2. Leave SIP Digest Username blank.
                                        Step 5   Select Save.
                                        Step 6   Select Apply Config.
                                        Step 7   Restart Cisco Jabber Voice.

                                        Enable SIP Digest Authentication with Manual Password Authentication

                                        Procedure
                                          Step 1   Create a new profile for Cisco Dual Mode for Android under System > Security Profile > Phone Security Profile:
                                          1. Select Add New.
                                          2. In the Phone Security Profile Type drop-down list, select Cisco Dual Mode for Android.
                                          3. Select Next.
                                          4. Enter a name for your new phone security profile.
                                          5. Check Enable digest authentication.
                                          6. Check Exclude digest credentials in configuration file.
                                          7. Select Save.
                                          Step 2   On each End User page, in the User Information section, complete the following tasks:
                                          1. In the User ID field, verify that the user ID is entered.
                                          2. In the Digest Credentials field, enter the digest credentials.
                                          3. In the Confirm Digest Credentials field, reenter the digest credentials.
                                          Make a note of this password. You provide this password to the user later.
                                          Step 3   On each Cisco Dual Mode for Android device page, enter the new profile information in the Protocol Specific Information section:
                                          1. In the Device Security Profile list, select the new secure profile you just created.
                                          2. In the Digest User list, select the digest user.
                                          Step 4   On the same device page, complete the authentication details in the Product Specific Configuration Layout section:
                                          1. In the Enable SIP Digest Authentication list, select Enabled.
                                            Important:

                                            To enable SIP Digest Authentication, you must also select a custom device security profile in which you enable SIP Digest Authentication (as outlined in the previous step).

                                            If you enable SIP Digest Authentication without first selecting this custom device security profile:

                                            • Cisco Jabber Voice prompts the end user to enter SIP Digest Authentication credentials.
                                            • Cisco Jabber Voice accepts any credentials.
                                            • Unified CM does not authenticate the device using SIP Digest Authentication.
                                          2. For the SIP Digest Username, enter the digest user you just selected.
                                          Step 5   Select Save.
                                          Step 6   Select Apply Config.
                                          Step 7   Restart Cisco Jabber Voice and step through the setup wizard again.
                                          Step 8   On the Phone Services Settings screen, enter your SIP Digest Authentication credentials.

                                          This password is case sensitive.


                                          Set Up Cisco AnyConnect

                                          Cisco AnyConnect Secure Mobility Client is a VPN application that allows Cisco Jabber Voice to securely connect to your corporate network from a remote location using Wi-Fi or mobile data networks.

                                          If you deployed Cisco Jabber for Android with secure connect previously, see the "What's New" section of the Release Notes for Cisco Jabber for Android, Release 9.0(1), which can be found in the Release Notes list.


                                          Note


                                          Cisco does not guarantee the voice quality on noncorporate Wi-Fi networks or mobile data networks.


                                          To support the Cisco AnyConnect Secure Mobility Client, you must set up your system using the following procedures.

                                          1. Install and set up the Cisco Adaptive Security Appliance (ASA).
                                          2. Set up the ASA to support Cisco AnyConnect. Perform the following procedures in order:
                                            1. Provision Application Profiles
                                            2. Automate VPN Connection
                                            3. Set Up Certificate-Based Authentication
                                            4. Set ASA Session Parameters
                                            5. Set Up Tunnel Policies
                                          3. Set up the Unified CM to support Cisco AnyConnect by setting the Preset Wi-Fi Networks field. See Add User Device.

                                          Note


                                          Cisco supports Cisco Jabber Voice for Android with Cisco AnyConnect Secure Mobility Client. Although other VPN clients are not officially supported, you may be able to use Cisco Jabber Voice for Android with other VPN clients. If you use another VPN client, set up VPN as follows:

                                          1. Install and configure the VPN client using the relevant third-party documentation.
                                          2. Configure the Preset Wi-Fi Networks using the following procedure: Add User Device.

                                          Provision Application Profiles

                                          After users download the Cisco AnyConnect client to their device, the ASA must provision a configuration profile to the application.

                                          The configuration profile for the Cisco AnyConnect client includes VPN policy information such as the company ASA VPN gateways, the connection protocol (IPSec or SSL), and on-demand policies.

                                          Provision VPN Profiles on ASA

                                          Cisco recommends that you use the profile editor on the ASA Device Manager (ASDM) to define the VPN profile for the Cisco AnyConnect client.

                                          When you use this method, the VPN profile is automatically downloaded to the Cisco AnyConnect client after the client establishes the VPN connection for the first time. You can use this method for all devices and OS types, and you can manage the VPN profile centrally on the ASA.

                                          Use the following procedure to define a VPN profile.

                                          Procedure
                                          On the ASDM, choose Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile. For more information, see the "Creating and Editing an AnyConnect Client Profile Using the Integrated AnyConnect Profile Editor" procedure in the "Deploying the AnyConnect Secure Mobility Client" chapter of the Cisco AnyConnect Secure Mobility Client Administrator Guide for your release. A list of document versions can be found at http:/​/​www.cisco.com/​en/​US/​products/​ps10884.

                                          Automate VPN Connection

                                          When users open Cisco Jabber Voice from outside the corporate Wi-Fi network, Cisco Jabber Voice needs a VPN connection to access the Cisco UC application servers. You can set up the system to allow Cisco AnyConnect Secure Mobility Client to automatically establish a VPN connection in the background, which helps ensure a seamless user experience.

                                          Set Up Trusted Network Detection

                                          The Trusted Network Detection feature enhances the user experience by automating the VPN connection based on the user's location. When the user is inside the corporate Wi-Fi network, Cisco Jabber Voice for Android can reach the Cisco UC infrastructure directly. When the user leaves the corporate Wi-Fi network, Cisco Jabber Voice for Android automatically detects that it is outside the trusted network, and then indirectly initiates the VPN to ensure connectivity to the UC infrastructure.


                                          Note


                                          The Trusted Network Detection feature works with both certificate- and password-based authentication. However, certificate-based authentication provides the most seamless user experience.


                                          Procedure
                                            Step 1   Using ASDM, open the Cisco AnyConnect client profile.
                                            Step 2   Enter the list of Trusted DNS Servers and Trusted DNS Domain Suffixes that an interface can receive when the client is within a corporate Wi-Fi network.

                                            The Cisco AnyConnect client compares the current interface DNS servers and domain suffix with the settings in this profile.

                                            Note   

                                            You must specify all your DNS servers to ensure that the Trusted Network Detection feature works properly. If you set up both the TrustedDNSDomains and TrustedDNSServers, sessions must match both settings to be defined as a trusted network.

                                            For detailed steps for setting up Trusted Network Detection, see the "Trusted Network Detection" section in the "Configuring AnyConnect Features" chapter (Release 2.5) or "Configuring VPN Access" (Releases 3.0 or 3.1) of the Cisco AnyConnect Secure Mobility Client Administrator Guide for your release. A list of guides can be found here: http:/​/​www.cisco.com/​en/​US/​products/​ps10884/​products_​installation_​and_​configuration_​guides_​list.html.


                                            What to Do Next

                                            Set up the Unified CM to support Cisco AnyConnect by setting the Preset Wi-Fi Networks field. See Add User Device.

                                            Set Up Certificate-Based Authentication

                                            The Cisco AnyConnect client supports many authentication methods including Microsoft Active Directory/LDAP password, RADIUS-based one-time tokens, and certificates. Of these methods, client certificate authentication provides the most seamless experience.

                                            Set Up ASA for Certificate-Based Authentication

                                            ASA supports certificates issued by various standard Certificate Authority (CA) servers such as Cisco IOS CA, Microsoft Windows 2003, Windows 2008 R2, Entrust, VeriSign, and RSA Keon.

                                            The following procedure outlines the high-level steps for setting up the ASA for certificate-based authentication. For detailed information, see the "Configuring Digital Certificates" section of the "Configuring Access Control" chapter of the Cisco ASA 5500 Series Configuration Guide using ASDM, 6.4 and 6.6. This document can be found at the following location: http:/​/​www.cisco.com/​en/​US/​products/​ps6120/​products_​installation_​and_​configuration_​guides_​list.html.

                                            Procedure
                                              Step 1   Import a root certificate from the CA to the ASA.
                                              Step 2   Generate an identity certificate for the ASA.
                                              Step 3   Use the ASA identity certificate for SSL authentication.
                                              Step 4   Configure a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP).
                                              Step 5   Configure the ASA to request client certificates for authentication.

                                              Distribute Client Certificates

                                              You must set up the system to ensure that you can issue certificates to users.

                                              Distribute Client Certificate Using SCEP

                                              ASA supports Simple Certificate Enrollment Protocol (SCEP) to simplify certificate distribution.

                                              The ASA can use SCEP to securely issue and renew a certificate that is used for client authentication. The following is a general overview of this process.

                                              1. The first time a remote user opens Cisco AnyConnect, the application authenticates the user with either Active Directory credentials or a one-time token password.
                                              2. After the client establishes the VPN, the ASA provides a client profile that includes the SCEP request.
                                              3. The Cisco AnyConnect client sends a certificate request and the Certificate Authority (CA) automatically accepts or denies the request.
                                              4. If the CA accepts the request:
                                                1. The certificate is installed in the native certificate store on the device.
                                                2. Cisco AnyConnect uses the certificate for authentication, and no longer prompts the user for a password when establishing subsequent VPN connections.
                                              Procedure
                                              For information about how to install the SCEP module on a Windows 2008 server and set up the ASA, see the ASA 8.X: AnyConnect SCEP Enrollment Configuration Example.

                                              Set ASA Session Parameters

                                              You can set session parameters on the ASA to define the user experience of Cisco AnyConnect Secure Mobility Client and Cisco Jabber Voice for Android after the VPN connection is established.

                                              ASA session parameters include the following:

                                              • DTLS: DTLS is a standards-based SSL protocol that provides a low-latency data path using UDP. DTLS allows the Cisco AnyConnect client to establish an SSL VPN connection that uses two simultaneous tunnels: an SSL tunnel and a DTLS tunnel. You can use DTLS to avoid latency and bandwidth problems, and to improve the performance of real-time applications such as Cisco Jabber Voice for Android that are sensitive to packet delays. If DTLS is configured and UDP is interrupted, the remote user's connection automatically falls back from DTLS to TLS. DTLS is enabled by default.
                                              • Session Persistence: This parameter allows the VPN session to recover from service disruptions and re-establish the connection. For example, as the user roams from one Wi-Fi network to another Wi-Fi or mobile data network, the Cisco AnyConnect client automatically resumes the VPN session. In addition, you can set up Cisco AnyConnect to re-establish the VPN session after the device resumes from standby, sleep, or hibernation mode.
                                              • Idle Timeout: The Idle Timeout (vpn-idle-timeout) is the time after which if there is no communication activity, the ASA terminates the VPN connection. A very short idle-timeout frequently disrupts the VPN connection and forces the user to re-establish VPN for every call. On the other hand, a large idle-timeout value results in too many concurrent sessions on the ASA. You can set up the Idle Timeout value by group policy.
                                              • Dead-Peer Detection (DPD): This parameter ensures that the ASA gateway or the Cisco AnyConnect client can quickly detect a condition where the peer is not responding and the connection failed. Cisco recommends that you:
                                                • Disable server-side DPD to ensure that the device can sleep. (If you enable this parameter, it prevents the device from sleeping.)
                                                • Enable client-side DPD because it allows the client to determine when the tunnel is terminated due to a lack of network connectivity.

                                              Set ASA Session Parameters

                                              Cisco recommends that you set up the ASA session parameters as follows to optimize the end user experience for Cisco AnyConnect Secure Mobility Client.
                                              Procedure
                                                Step 1   Set up Cisco AnyConnect to use DTLS.

                                                For information about how to set ASA session parameters, see the "Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections" section of the "Configuring AnyConnect Features Using ASDM" chapter of Cisco AnyConnect VPN Client Administrator Guide, Version 2.0. This document can be found at the following location: http:/​/​www.cisco.com/​en/​US/​products/​ps10884/​prod_​maintenance_​guides_​list.html.

                                                Step 2   Set up session persistence (auto-reconnect).
                                                1. Use ASDM to open the VPN client profile.
                                                2. Set the Auto Reconnect Behavior parameter to Reconnect After Resume.

                                                For detailed information about how to set up session persistence, see the "Configuring Auto Reconnect" section in the "Configuring AnyConnect Features" chapter (Release 2.5) or "Configuring VPN Access" (Releases 3.0 or 3.1) of the Cisco AnyConnect Secure Mobility Client Administrator Guide for your release. The document for your release can be found at the following location: http:/​/​www.cisco.com/​en/​US/​products/​ps10884/​products_​installation_​and_​configuration_​guides_​list.html.

                                                Step 3   Set the idle timeout value.
                                                1. Create a group policy that is specific to Jabber clients.
                                                2. Set the idle timeout value to 30 minutes.

                                                For detailed information about how to set the idle timeout value, see the "vpn-idle-timeout" section of the Cisco ASA 5580 Adaptive Security Appliance Command Reference for your release. The document for your release can be found at the following location: http:/​/​www.cisco.com/​en/​US/​products/​ps6120/​prod_​command_​reference_​list.html.

                                                Step 4   Set up Dead Peer Detection (DPD).
                                                1. Disable server-side DPD.
                                                2. Enable client-side DPD.

                                                For detailed information about how to set up DPD, see the "Enabling and Adjusting Dead Peer Detection" subsection of the "Configuring VPN" chapter of the Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6. This document can be found in the following location: http:/​/​www.cisco.com/​en/​US/​products/​ps6120/​products_​installation_​and_​configuration_​guides_​list.html.


                                                Set Up Tunnel Policies

                                                Use the following procedure to set up a tunnel policy that specifies how you want to direct traffic in the VPN tunnel.

                                                To set up tunnel policies, you must first determine which type of tunnel policy you want to use. Tunnel policies include the following:

                                                Full-Tunnel Policy

                                                This is the default tunnel policy. Use this policy if you want the most secure option for Cisco Jabber Voice and Cisco AnyConnect deployments. In case of Full-Tunnel, all the traffic from all the applications on the device is sent over the VPN tunnel to the ASA gateway. Optionally, you can enable the Local LAN Access feature to enable local printing and local network drive mapping.

                                                Split-Tunnel Policy

                                                Use this policy if you want to direct only Cisco Jabber Voice-specific traffic from your phone to the corporate network. This policy directs traffic based on destination subnets. You can specify which traffic goes over VPN (encrypted) and which traffic goes in the clear (unencrypted).

                                                An associated feature, Split-DNS, defines which DNS traffic to resolve over the VPN tunnel and which DNS traffic to handle with the endpoint DNS resolver.

                                                Split-Include Policy with Network ACL

                                                Use this policy if you want to:

                                                • Limit the traffic that is sent over the VPN tunnel due to bandwidth concerns.
                                                • Restrict the VPN session to the Cisco Jabber Voice application.

                                                You can use the Split-Include policy on the ASA to specify which traffic goes inside the VPN tunnel based on the destination IP address of the traffic.

                                                You must include the IP subnets of the Cisco Unified CM Cluster, Directory Server, and TFTP Server. Cisco Jabber Voice needs peer-to-peer media connections with any IP phone or computer phone on the corporate Wi-Fi network. Therefore, Cisco recommends that you include the corporate network IP address range in the Split-Include policy. This configuration may not be appropriate for all deployments (for example, if the IP space of your company is not contiguous because of acquisitions and other events).

                                                This policy directs all internal traffic into the tunnel, but can prevent cloud-based services such as Facebook and YouTube from entering the tunnel.


                                                Note


                                                All application data that is directed to the address range specified in the split-include policy is tunneled, so applications other than Cisco Jabber Voice also have access to the tunnel. To prevent other applications from using the corporate Wi-Fi network, you can apply a VPN filter (Network ACL) that further restricts the available ports.


                                                Split-Exclude Policy

                                                Use this policy if it is not practical to define the entire subnet required for Split-Include policies. You can use the Split-Exclude policy to prevent any known traffic from the VPN tunnel. For example, if you are concerned about bandwidth, you can add destination subnets for services like NetFlix, Hulu, or YouTube to your split-exclude list.

                                                After you determine which type of tunnel policy you want to use, see the "Configuring Split-Tunneling Attributes" section in the "Configuring Tunnel Groups, Group Policies, and Users" chapter of the Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6. This document can be found at the following location: http:/​/​www.cisco.com/​en/​US/​products/​ps6120/​products_​installation_​and_​configuration_​guides_​list.html.