02-01-2011 08:25 PM - edited 03-16-2019 03:13 AM
Dear NetPro gurus,
One of my customer has recently upgraded their CUCM from 8.0 to 8.5. However, after the upgrade, we still can't find the VPN configuration settings on the LED screens of their 9971 phones.
Does anyone know how to activate the VPN Phone features for 9971??
CUCM ver:- 8.5.1.10000-26
9971 Phone Load:- sip9971.9-1-1SR1
I have spent a lot of time on this already but couldn't get anywhere, would be great if anyone can shed some light on this.
Cheers,
Hunt
02-02-2011 06:00 AM
Hi Hunt,
I don't believe the 9900 series is supported as of yet;
The VPN Client feature is supported on these SCCP phones:
•Cisco Unified IP Phone 7975G
•Cisco Unified IP Phone 7965G
•Cisco Unified IP Phone 7962G
•Cisco Unified IP Phone 7945G
•Cisco Unified IP Phone 7942G
IP Phone SSL VPN to ASA using AnyConnect
https://supportforums.cisco.com/docs/DOC-9124
Cheers!
Rob
02-04-2011 04:42 AM
Hi Rob,
But I found that on the CUCM 8.5 New and change feature, it said that it nows supports 9971.
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/rel_notes/8_5_1/delta/delta.html
VPN Client
The VPN Client feature establishes a virtual private network (VPN) connection on your phone using the Secure Sockets Layer (SSL). The VPN connection is used when a phone is located outside a trusted network or when network traffic between the phone and Cisco Unified Communications Manager must cross untrusted networks.
The status of Auto-Detect Network Connection determines if a VPN connection is possible:
•If Auto-Detect Network Connection is disabled, a VPN connection is possible. The Sign In screen appears, and you are prompted for credentials based on the authentication method that your system administrator configured on your phone. (On the phone in the Applications > VPN window, you can toggle the VPN Enabled field to On or Off to turn on or off the phone's ability to attempt a VPN connection.)
•If Auto-Detect Network Connection is enabled, you cannot connect through VPN, so the Sign In screen does not appear, and you are not prompted for credentials.
The system administrator determines if the user's phone should be configured with the VPN functionality and enables the VPN Client feature.
These Cisco Unified IP Phones (SIP) support this feature:
•Cisco Unified IP Phone 8961
•Cisco Unified IP Phone 9951
•Cisco Unified IP Phone 9971
Cheers,
Hunt
02-25-2011 03:56 PM
I'm trying to accomplish the same thing.
I will be upgrading my system from 7.1.3 to 8.5 next week.
I'm hoping you figure this out before me, but regardless I'll provide an update on my results.
Project Video VPN coming soon!
05-12-2011 11:17 AM
Where you all ever able to get 9971 VPN phone client working on UCM 8.5?
05-24-2011 01:10 PM
I finally got it working on a 9971 phone; biggest issue is you need the group-url in the tunnel-group for it to work. You also need to configure the VPN Gateway settings with this URL. The Certs need to be moved over too.
I recommend connecting to the URL below and validate the account you use and password. If the SSL tunnel is done write you PC should connect.
Remember your NAT and NO NAT settings. Here is an excerpt of the tunnel settings:
ip local pool VPN_ClientAccess_Pool 192.168.4.100-192.168.4.254 mask 255.255.255.0
!
! If you are doing RADIUS
!
aaa-server vpn (inside) host 10.50.0.100
key XXXXXXX
radius-common-pw XXXXXXX
aaa-server vpn (inside) host 10.50.0.101
key XXXXX
radius-common-pw XXXXXX
webvpn
enable WAN
enable backup
svc enable
svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2019-k9.pkg 2
tunnel-group-list enable
!
! --- No Split Tunnel or DNS
!
group-policy SSL_VPN_Tunnel internal
group-policy SSL_VPN_Tunnel attributes
wins-server value 10.50.0.100 10.50.0.101
dns-server value 10.50.0.100 10.50.0.101
vpn-tunnel-protocol svc
default-domain value plaza.local
tunnel-group SSL_VPN_Tunnel type remote-access
tunnel-group SSL_VPN_Tunnel general-attributes
address-pool VPN_ClientAccess_Pool
authentication-server-group vpn LOCAL
default-group-policy SSL_VPN_Tunnel
tunnel-group SSL_VPN_Tunnel webvpn-attributes
radius-reject-message
group-alias SSL_VPN_Tunnel enable
group-url https://XXX.XXX.XXX.XXX/SSL_VPN_Tunnel
05-14-2012 09:22 AM
The link on this one answered all my questions regarding the Phone VPN.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: