Filter
Top Products
17-9
Cisco Unified Communications Manager Security Guide
OL-24124-01
Chapter 17 Configuring Virtual Private Networks
ASA configuration requirements
authentication certificate
ca trustpoint CiscoMfgCert
inservice
!
end
ASA configuration requirements
Before you create an ASA configuration for VPN client on IP phone, complete the following steps:
Step 1 Install ASA software (version 8.0.4 or later) and compatible ASDM
Step 2 Install a compatible anyconnect package
Step 3 Activate License
a. Show features of the current license.
show activation-key detail
b. For a new license with additional SSL VPN sessions and Linksys phone enabled, visit
http://www.cisco.com/go/license. Select “Any Connect Cisco VPN phone” license to support the
VPN feature.
Configuring ASA for VPN client on IP phone
Perform the following steps to configure ASA for VPN client on IP phone.
Step 1 Local configuration
a. Configure network interface.
Example:
router(config)# interface GigabitEthernet0/0
router(config-if)# description "outside interface"
router(config-if)# ip address 10.1.1.1 255.255.255.0
router(config-if)# duplex auto
router(config-if)# speed auto
router(config-if)# no shutdown
router#show ip interface brief (shows interfaces summary)
b. Configure static routes and default routes.
router(config)# ip route <dest_ip> <mask> <gateway_ip>
Example:
router(config)# ip route 10.10.10.0 255.255.255.0 192.168.1.1
c. Configure the DNS.
Example:
hostname(config)# dns domain-lookup inside
hostname(config)# dns server-group DefaultDNS
hostname(config-dns-server-group)# name-server 10.1.1.5 192.168.1.67 209.165.201.6
Step 2 Generate and register the necessary certificates for Cisco Unified Communications Manager and IOS.
The following certificates need to be imported from the Cisco Unified Communications Manager.