Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

9971 as VPN phone on CUCM 8.5

Dear NetPro gurus,

One of my customer has recently upgraded their CUCM from 8.0 to 8.5.  However, after the upgrade, we still can't find the VPN configuration settings on the LED screens of their 9971 phones.

Does anyone know how to activate the VPN Phone features for 9971??

CUCM ver:-  
9971 Phone Load:- sip9971.9-1-1SR1

I have spent a lot of time on this already but couldn't get anywhere, would be great if anyone can shed some light on this.


Hall of Fame Super Red

Re: 9971 as VPN phone on CUCM 8.5

Hi Hunt,

I don't believe the 9900 series is supported as of yet;

The VPN Client feature is supported on these SCCP phones:

•Cisco Unified IP Phone 7975G

•Cisco Unified IP Phone 7965G

•Cisco Unified IP Phone 7962G

•Cisco Unified IP Phone 7945G

•Cisco Unified IP Phone 7942G

IP Phone SSL VPN to ASA using AnyConnect



Community Member

Re: 9971 as VPN phone on CUCM 8.5

Hi Rob,

But I found that on the CUCM 8.5 New and change feature, it said that it nows supports 9971.

VPN Client

The VPN Client feature establishes a virtual private network (VPN) connection on your phone using the Secure Sockets Layer (SSL). The VPN connection is used when a phone is located outside a trusted network or when network traffic between the phone and Cisco Unified Communications Manager must cross untrusted networks.

The status of Auto-Detect Network Connection determines if a VPN connection is possible:

•If Auto-Detect Network Connection is disabled, a VPN connection is possible. The Sign In screen appears, and you are prompted for credentials based on the authentication method that your system administrator configured on your phone. (On the phone in the Applications > VPN window, you can toggle the VPN Enabled field to On or Off to turn on or off the phone's ability to attempt a VPN connection.)

•If Auto-Detect Network Connection is enabled, you cannot connect through VPN, so the Sign In screen does not appear, and you are not prompted for credentials.

The system administrator determines if the user's phone should be configured with the VPN functionality and enables the VPN Client feature.

These Cisco Unified IP Phones (SIP) support this feature:

•Cisco Unified IP Phone 8961

•Cisco Unified IP Phone 9951

•Cisco Unified IP Phone 9971



Community Member

Re: 9971 as VPN phone on CUCM 8.5

I'm trying to accomplish the same thing.

I will be upgrading my system from 7.1.3 to 8.5 next week.

I'm hoping you figure this out before me, but regardless I'll provide an update on my results.

Project Video VPN coming soon!

Community Member

Re: 9971 as VPN phone on CUCM 8.5

Where you all ever able to get 9971 VPN phone client working on UCM 8.5?

Community Member

Re: 9971 as VPN phone on CUCM 8.5

I finally got it working on a 9971 phone; biggest issue is you need the group-url in the tunnel-group for it to work. You also need to configure the VPN Gateway settings with this URL. The Certs need to be moved over too.

I recommend connecting to the URL below and validate the account you use and password. If the SSL tunnel is done write you PC should connect.

Remember your NAT and NO NAT settings. Here is an excerpt of the tunnel settings:

ip local pool VPN_ClientAccess_Pool mask


! If you are doing RADIUS


aaa-server vpn (inside) host

radius-common-pw XXXXXXX
aaa-server vpn (inside) host
radius-common-pw XXXXXX

enable WAN
enable backup
svc enable
svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2019-k9.pkg 2
tunnel-group-list enable


! --- No Split Tunnel or DNS


group-policy SSL_VPN_Tunnel internal
group-policy SSL_VPN_Tunnel attributes
wins-server value
dns-server value
vpn-tunnel-protocol svc
default-domain value plaza.local

tunnel-group SSL_VPN_Tunnel type remote-access
tunnel-group SSL_VPN_Tunnel general-attributes
address-pool VPN_ClientAccess_Pool
authentication-server-group vpn LOCAL
default-group-policy SSL_VPN_Tunnel
tunnel-group SSL_VPN_Tunnel webvpn-attributes
group-alias SSL_VPN_Tunnel enable
group-url https://XXX.XXX.XXX.XXX/SSL_VPN_Tunnel

Community Member

9971 as VPN phone on CUCM 8.5

The link on this one answered all my questions regarding the Phone VPN.

CreatePlease to create content