12-15-2009 10:12 AM - edited 03-21-2019 01:55 AM
Is there an updated guide for the SPA525G that can explain how to use the new features such as the SSL VPN?
For example, what is the correct format of entering the "VPN Server"? is it just an IP address? https://? what are the requirements? is a certificate a requirement?
12-16-2009 05:53 AM
Why not use the VPN setup Wizard included in CCA 2.2?
Marcos
12-17-2009 06:19 AM
Does the wizard also step you through on how to connect a SPA525G to the system?
12-17-2009 08:33 AM
Yes, it configures everything on the SPA525G phone.
12-17-2009 12:02 PM
Marcos, Thanks for the info. I will try the wizard.
02-09-2010 01:05 PM
I am working on setting this up in our office to take the 525G to a site for a demo. The phone will get plugged into their network and come up as an extension on our system. That is the way it is intended to work. The problem is we have a 3rd party firewall in the mix. The WAN port of the UC500 has an IP on the LAN side (10.10.2.20) of the 3rd party firewall. There is a public IP mapped to the UC500 WAN private IP through the firewall. I am guessing when the 525G gets plugged in remotely, it will try to connect to the 10.10.2.20 instead of the mapped public IP. Can I change the phone to point to the other address?
04-08-2010 05:00 PM
Is it possible to use the SPA525G's internal VPN capabilities when the UC520's external/WAN IP address is not static? My WAN IP is obtained from our ISP via DHCP, and I in turn use DDNS to ensure that the DNS name is current.
Tried using CCA 2.2(2) with UC SW Pack 8.0(2) Phone VPN Wizard, and it didn't like the DHCP WAN. Is there some CLI workaround to configure SSLVPN using a hostname (DDNS) to define the UC520 head-end? Don't see why it wouldn't be possible to then configure the SPA525G with a hostname instead of static WAN IP to allow itself to call home and setup the voice connection.
Thanks, Kirk
04-09-2010 08:44 AM
Has anyone successfully authenticated a SPA525G's SSL VPN to any other devices besides the UC500?
For example, in my setup, I have a Cisco ASA 5505 as our firewall/gateway. I can't seem to get the phone to establish a VPN connectivity on the ASA 5505..
04-13-2010 03:37 PM
This phone has only been tested against UC500 inside Cisco, using SSL VPN Server with a static IP.
Thanks,
Marcos
05-11-2010 07:47 PM
I'm currently having the same issue, I can't get my SPA525G IP Phone to connect with my Cisco ASA 5510 with an AIP-SSM10 module externally using the SSL VPN. Has anyone been able to successfully connect a SPA525G IP phone using the SSL VPN to a Cisco ASA firewall?
05-27-2010 04:06 AM
In a recent ASA lab I brought the SPA525G and successfully connected the SSL tunnel to a ASA 5505.
As i do not have access to the ASA anymore I can't give you the details but it worked.
07-03-2010 04:42 PM
I was able to get the SPA525G phone to connect remotely to our network using SSL VPN, the primary document I used to get it to work was found at https://supportforums.cisco.com/docs/DOC-9124. Because networks are not all created out of the same mold there were some modifications I had to make to get the solution to work in my network. The primary item I was missing was creating a dedicated Tunnel Group on the ASA which Tunnels all traffic (no split-tunneling). Also on the SPA525G I had to input the fully qualified name of the VPN server, including the tunnel group name (i.e. https://mytest.test.com/PhoneTunnel instead of just the URL of the outside interface of the ASA). In my case I also had to manually setup the SPA525G phone to use SCCP rather than the default SIP. I disregarded this SCCP setting at first because I had the setting enabled which auto detects SCCP, but I may have understood that out of context. I'm not an expert by any means on the SPA525G IP Phone, my successes have come from trial and error and a strong understanding of the ASA firewall.
07-07-2010 08:21 AM
Hey Corey,
Thanks for your info. I read over the documents and it mentions that "AnyConnect for Cisco VPN Phone" license must be enabled on the ASA. I'm running 8.2(1) and I do not see that licensing option when I run a show ver. Do you have that option?
07-07-2010 11:13 AM
Got it working. Had to create a new vpn tunnel-group dedicated for this purpose w/o any split tunneling.. added a url and it worked great. thanks.
06-10-2011 07:15 AM
Marcos,
I know it has only been tested with a static, but some ISP's here use DHCP reservation for giving out "Statics", is there a way around this as a customer of ours uses this ISP and they have several 525's they want to use for Teleworkers.
Thanks in advance,
Bob James
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide