McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 301

page: 301
source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::302

Configure Cisco IOS SSL VPN to Support IP Phones

Use this procedure to configure Cisco IOS SSL VPN to support IP phones.

Procedure

Step 1  Configure Cisco IOS locally.

  a) Configure the Network Interface.

     Example:

         router(config)# interface GigabitEthernet0/0
         router(config-if)# description "outside interface"
         router(config-if)# ip address 10.1.1.1 255.255.255.0
         router(config-if)# duplex auto
         router(config-if)# speed auto
         router(config-if)# no shutdown
         router# show ip interface brief (shows interfaces summary)

  b) Configure static and default routes by using this command:

         router(config)# ip route <dest_ip> <mask> <gateway_ip>

     Example:

         router(config)# ip route 10.10.10.0 255.255.255.0 192.168.1.1

Step 2  Generate and register the CAPF certificate to authenticate the IP phones with an LSC.

Step 3  Import the CAPF certificate from Unified Communications Manager.

  a) From the Cisco Unified OS Administration, choose Security > Certificate Management.

     Note: This location changes based on the Unified Communications Manager version.

  b) Find the Cisco_Manufacturing_CA and CAPF certificates. Download the .pem file and save it as a .txt file.

  c) Create a trustpoint on the Cisco IOS software.

         hostname(config)# crypto pki trustpoint trustpoint_name
         hostname(config-ca-trustpoint)# enrollment terminal
         hostname(config)# crypto pki authenticate trustpoint

     When prompted for the base 64-encoded CA certificate, copy and paste the text in the downloaded .pem file along with the BEGIN and END lines. Repeat the procedure for the other certificates.

  d) Generate the following Cisco IOS self-signed certificates and register them with Unified Communications Manager, or replace with a certificate that you import from a CA.

     • Generate a self-signed certificate.

         Router> enable
         Router# configure terminal
         Router(config)# crypto key generate rsa general-keys label <name> <exportable -optional>
         Router(config)# crypto pki trustpoint <name>
         Router(ca-trustpoint)# enrollment selfsigned
         Router(ca-trustpoint)# rsakeypair <name> 2048 2048
         Router(ca-trustpoint)# authorization username subjectname commonname
         Router(ca-trustpoint)# crypto pki enroll <name>
         Router(ca-trustpoint)# end

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs, page 283 (Advanced System Security: Configure Cisco IOS SSL VPN to Support IP Phones)
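For Step 3c, a pre-paste check of the saved .txt file, given here as an added example that is not part of the Cisco guide: it confirms that every certificate block has both its BEGIN and END lines and a clean base64 body, and prints fingerprints to compare with the ones the router displays before you accept the certificate. The function names, the grouped-hex display format and the sample bytes are assumptions made for this example.

```python
import base64
import hashlib
import re

MARK_BEGIN = "-----BEGIN CERTIFICATE-----"
MARK_END = "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(MARK_BEGIN) + r"(.*?)" + re.escape(MARK_END), re.DOTALL)


def grouped(hexdigest):
    """Upper-case hex in groups of eight (assumed display format)."""
    h = hexdigest.upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))


def pem_fingerprints(text):
    """Validate every certificate block in text and return its fingerprints."""
    begins, ends = text.count(MARK_BEGIN), text.count(MARK_END)
    if begins == 0 or begins != ends:
        raise ValueError(f"unbalanced PEM markers: {begins} BEGIN, {ends} END")
    results = []
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(1).split())  # strip CR/LF and indentation
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError(f"corrupt base64 in certificate body: {exc}") from exc
        results.append({
            "der_len": len(der),
            "sha1": grouped(hashlib.sha1(der).hexdigest()),
            "sha256": grouped(hashlib.sha256(der).hexdigest()),
        })
    if len(results) != begins:  # e.g. an END line that precedes its BEGIN line
        raise ValueError("PEM markers are out of order")
    return results


def constructed_pem(der):
    """Wrap placeholder bytes in PEM armor with CRLF endings, like a .txt saved on Windows."""
    body = base64.encodebytes(der).decode().replace("\n", "\r\n")
    return MARK_BEGIN + "\r\n" + body + MARK_END + "\r\n"


# Constructed sample input: placeholder bytes, not real CAPF or manufacturing CA certificates.
SAMPLE_DER_A = bytes(range(100))
SAMPLE_DER_B = bytes(range(100, 200))
SAMPLE_TXT = constructed_pem(SAMPLE_DER_A) + constructed_pem(SAMPLE_DER_B)

if __name__ == "__main__":
    for number, cert in enumerate(pem_fingerprints(SAMPLE_TXT), 1):
        print(f"cert {number}: {cert['der_len']} bytes, SHA1 {cert['sha1']}")
```

To check a real download, read the saved .txt file into a string and pass it to `pem_fingerprints` in place of `SAMPLE_TXT`.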