Dear NetPro gurus,
One of my customer has recently upgraded their CUCM from 8.0 to 8.5. However, after the upgrade, we still can't find the VPN configuration settings on the LED screens of their 9971 phones.
Does anyone know how to activate the VPN Phone features for 9971??
CUCM ver:- 126.96.36.19900-26
9971 Phone Load:- sip9971.9-1-1SR1
I have spent a lot of time on this already but couldn't get anywhere, would be great if anyone can shed some light on this.
I don't believe the 9900 series is supported as of yet;
The VPN Client feature is supported on these SCCP phones:
•Cisco Unified IP Phone 7975G
•Cisco Unified IP Phone 7965G
•Cisco Unified IP Phone 7962G
•Cisco Unified IP Phone 7945G
•Cisco Unified IP Phone 7942G
IP Phone SSL VPN to ASA using AnyConnect
But I found that on the CUCM 8.5 New and change feature, it said that it nows supports 9971.
The VPN Client feature establishes a virtual private network (VPN) connection on your phone using the Secure Sockets Layer (SSL). The VPN connection is used when a phone is located outside a trusted network or when network traffic between the phone and Cisco Unified Communications Manager must cross untrusted networks.
The status of Auto-Detect Network Connection determines if a VPN connection is possible:
•If Auto-Detect Network Connection is disabled, a VPN connection is possible. The Sign In screen appears, and you are prompted for credentials based on the authentication method that your system administrator configured on your phone. (On the phone in the Applications > VPN window, you can toggle the VPN Enabled field to On or Off to turn on or off the phone's ability to attempt a VPN connection.)
•If Auto-Detect Network Connection is enabled, you cannot connect through VPN, so the Sign In screen does not appear, and you are not prompted for credentials.
The system administrator determines if the user's phone should be configured with the VPN functionality and enables the VPN Client feature.
These Cisco Unified IP Phones (SIP) support this feature:
•Cisco Unified IP Phone 8961
•Cisco Unified IP Phone 9951
•Cisco Unified IP Phone 9971
I'm trying to accomplish the same thing.
I will be upgrading my system from 7.1.3 to 8.5 next week.
I'm hoping you figure this out before me, but regardless I'll provide an update on my results.
Project Video VPN coming soon!
I finally got it working on a 9971 phone; biggest issue is you need the group-url in the tunnel-group for it to work. You also need to configure the VPN Gateway settings with this URL. The Certs need to be moved over too.
I recommend connecting to the URL below and validate the account you use and password. If the SSL tunnel is done write you PC should connect.
Remember your NAT and NO NAT settings. Here is an excerpt of the tunnel settings:
ip local pool VPN_ClientAccess_Pool 192.168.4.100-192.168.4.254 mask 255.255.255.0
! If you are doing RADIUS
aaa-server vpn (inside) host 10.50.0.100
aaa-server vpn (inside) host 10.50.0.101
svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2019-k9.pkg 2
! --- No Split Tunnel or DNS
group-policy SSL_VPN_Tunnel internal
group-policy SSL_VPN_Tunnel attributes
wins-server value 10.50.0.100 10.50.0.101
dns-server value 10.50.0.100 10.50.0.101
default-domain value plaza.local
tunnel-group SSL_VPN_Tunnel type remote-access
tunnel-group SSL_VPN_Tunnel general-attributes
authentication-server-group vpn LOCAL
tunnel-group SSL_VPN_Tunnel webvpn-attributes
group-alias SSL_VPN_Tunnel enable