cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8887
Views
5
Helpful
6
Replies

9971 as VPN phone on CUCM 8.5

huntlee
Level 1
Level 1

Dear NetPro gurus,

One of my customer has recently upgraded their CUCM from 8.0 to 8.5.  However, after the upgrade, we still can't find the VPN configuration settings on the LED screens of their 9971 phones.

Does anyone know how to activate the VPN Phone features for 9971??

CUCM ver:-            8.5.1.10000-26
9971 Phone Load:- sip9971.9-1-1SR1

I have spent a lot of time on this already but couldn't get anywhere, would be great if anyone can shed some light on this.

Cheers,
Hunt

6 Replies 6

Rob Huffman
Hall of Fame
Hall of Fame

Hi Hunt,

I don't believe the 9900 series is supported as of yet;

The VPN Client feature is supported on these SCCP phones:

•Cisco Unified IP Phone 7975G

•Cisco Unified IP Phone 7965G

•Cisco Unified IP Phone 7962G

•Cisco Unified IP Phone 7945G

•Cisco Unified IP Phone 7942G

http://www.cisco.com/en/US/customer/docs/voice_ip_comm/cucmbe/rel_notes/8_0_1/delta/phones.html#wp1489245


IP Phone SSL VPN to ASA using AnyConnect

https://supportforums.cisco.com/docs/DOC-9124

Cheers!

Rob

Hi Rob,

But I found that on the CUCM 8.5 New and change feature, it said that it nows supports 9971.

http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/rel_notes/8_5_1/delta/delta.html

VPN Client

The VPN Client feature establishes a virtual private network (VPN) connection on your phone using the Secure Sockets Layer (SSL). The VPN connection is used when a phone is located outside a trusted network or when network traffic between the phone and Cisco Unified Communications Manager must cross untrusted networks.


The status of Auto-Detect Network Connection determines if a VPN connection is possible:


•If Auto-Detect Network Connection is disabled, a VPN connection is possible. The Sign In screen appears, and you are prompted for credentials based on the authentication method that your system administrator configured on your phone. (On the phone in the Applications > VPN window, you can toggle the VPN Enabled field to On or Off to turn on or off the phone's ability to attempt a VPN connection.)


•If Auto-Detect Network Connection is enabled, you cannot connect through VPN, so the Sign In screen does not appear, and you are not prompted for credentials.

The system administrator determines if the user's phone should be configured with the VPN functionality and enables the VPN Client feature.


These Cisco Unified IP Phones (SIP) support this feature:


•Cisco Unified IP Phone 8961


•Cisco Unified IP Phone 9951


•Cisco Unified IP Phone 9971


Cheers,

Hunt

I'm trying to accomplish the same thing.

I will be upgrading my system from 7.1.3 to 8.5 next week.


I'm hoping you figure this out before me, but regardless I'll provide an update on my results.

Project Video VPN coming soon!

Where you all ever able to get 9971 VPN phone client working on UCM 8.5?

I finally got it working on a 9971 phone; biggest issue is you need the group-url in the tunnel-group for it to work. You also need to configure the VPN Gateway settings with this URL. The Certs need to be moved over too.

I recommend connecting to the URL below and validate the account you use and password. If the SSL tunnel is done write you PC should connect.

Remember your NAT and NO NAT settings. Here is an excerpt of the tunnel settings:

ip local pool VPN_ClientAccess_Pool 192.168.4.100-192.168.4.254 mask 255.255.255.0

!

! If you are doing RADIUS

!

aaa-server vpn (inside) host 10.50.0.100
key XXXXXXX

radius-common-pw XXXXXXX
aaa-server vpn (inside) host 10.50.0.101
key XXXXX
radius-common-pw XXXXXX

webvpn
enable WAN
enable backup
svc enable
svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2019-k9.pkg 2
tunnel-group-list enable

!

! --- No Split Tunnel or DNS

!

group-policy SSL_VPN_Tunnel internal
group-policy SSL_VPN_Tunnel attributes
wins-server value 10.50.0.100 10.50.0.101
dns-server value 10.50.0.100 10.50.0.101
vpn-tunnel-protocol svc
default-domain value plaza.local

tunnel-group SSL_VPN_Tunnel type remote-access
tunnel-group SSL_VPN_Tunnel general-attributes
address-pool VPN_ClientAccess_Pool
authentication-server-group vpn LOCAL
default-group-policy SSL_VPN_Tunnel
tunnel-group SSL_VPN_Tunnel webvpn-attributes
radius-reject-message
group-alias SSL_VPN_Tunnel enable
group-url https://XXX.XXX.XXX.XXX/SSL_VPN_Tunnel

The link on this one answered all my questions regarding the Phone VPN.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: