The VPN Feature Configuration window contains the common configuration settings for the VPN feature that the system uses when you do not associate a VPN Profile with a Common Phone Profile. If you define a VPN Profile as part of configuring a Common Phone Profile, the VPN Profile settings take precedence over the VPN Feature Configuration settings.
VPN Feature Configuration Parameters
To edit the VPN feature configuration parameters, follow this procedure:
Step 1 In Cisco Unified Communications Manager Administration, choose Advanced Features > VPN > VPN Feature Configuration.
The VPN Feature Configuration Window Displays.
Step 2 Accept the suggested values or enter a new value, as described in Table 19-1.
Step 3 Click Save.
Table 19-1 VPN Feature Configuration Parameters
Enable Auto Network Detect
When True, the VPN client can only run when it detects that it is out of the corporate network.
This field specifies the maximum transmission unit:
Default: 1290 bytes
Minimum: 256 bytes
Maximum: 1406 bytes
This field specifies the rate at which the system sends the keep-alive message.
Note If it is non-zero and less than the value specified in Cisco Unified Communications Manager, the keep-alive setting in the VPN concentrator overwrites this setting.
Default: 60 seconds
Maximum: 120 seconds
Fail to Connect
This field specifies the amount of time to wait for log-in or connect operations to complete while the system creates the VPN tunnel.
Default: 30 seconds
Maximum: 600 seconds
Client Authentication Method
From the drop-down list, choose the client authentication method:
•User and password
•Certificate (LSC or MIC)
Default: User And Password
Enable Password Persistence
When True, a user password gets saved in the phone until either a failed log-in attempt occurs, a user manually clears the password, or the phone resets or loses power.
Enable Host ID Check
When True, the gateway certificate subjectAltName or CN must match the URL to which the VPN client is connected.