McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 133

↗ View in doc context
page
133
source
cucm/v15/feature-config-guide/feature-config-guide.md
chunk_id
cucm::v15::feature-config-guide::feature-config-guide::88

When prompted for base 64 encoded CA Certificate, copy-paste the text in the downloaded .pem file along with the BEGIN and END lines. Repeat the procedure for the other certificates. d) Generate the following ASA self-signed certificates and register them with Unified Communications Manager, or replace with a certificate that you import from a CA. • Generate a self-signed certificate. Example: ciscoasa> enable ciscoasa# configure terminal ciscoasa(config)# crypto key generate rsa general-keys label <name> ciscoasa(config)# crypto ca trustpoint <name> ciscoasa(ca-trustpoint)# enrollment self ciscoasa(ca-trustpoint)# keypair <name> ciscoasa(config)# crypto ca enroll <name> ciscoasa(config)# end • Generate a self-signed certificate with Host-id check enabled on the VPN profile in Unified Communications Manager. Example: ciscoasa> enable ciscoasa# configure terminal ciscoasa(config)# crypto key generate rsa general-keys label <name> ciscoasa(config)# crypto ca trustpoint <name> ciscoasa(ca-trustpoint)# enrollment self ciscoasa(ca-trustpoint)# fqdn <full domain name> ciscoasa(config-ca-trustpoint)# subject-name CN=<full domain name>,CN=<IP> ciscoasa(config)# crypto ca enroll <name> ciscoasa(config)# end • Register the generated certificate with Unified Communications Manager. Example: ciscoasa(config)# crypto ca export <name> identity-certificate Copy the text from the terminal and save it as a.pem file and upload it to Unified Communications Manager. Step 3 Configure the VPN feature. You can use the Sample ASA configuration summary below to guide you with the configuration. Note To use the phone with both certificate and password authentication, create a user with the phone MAC address. Username matching is case sensitive. For example: ciscoasa(config)# username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted ciscoasa(config)# username CP-7975G-SEP001AE2BC16CB attributes ciscoasa(config-username)# vpn-group-policy GroupPhoneWebvpn ciscoasa(config-username)#service-type remote-access Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 91 Remote Network Access Configure ASA for VPN Client on IP Phone