McDewey

show activation-key detail b) If necessary, obtain a new license with additional SSL VPN sessions and enable the Linksys phone. Step 4 Make sure that you configure a tunnel-group with a non-default URL as follows: tunnel-group phonevpn type remote-access tunnel-group phonevpn general-attribute address-pool vpnpool tunnel-group phonevpn webvpn-attributes group-url https://172.18.254.172/phonevpn enable Consider the following when configuring non-default URL: • If the IP address of the ASA has a public DNS entry, you can replace it with a Fully Qualified Domain Name (FQDN). • You can only use a single URL (FQDN or IP address) on the VPN gateway in Unified Communications Manager. • It is preferred to have the certificate CN or subject alternate name match the FQDN or IP address in the group-url. • If the ASA certificate CN or SAN does not match with the FQDN or IP address, uncheck the host ID check box in the Unified Communications Manager. Configure ASA for VPN Client on IP Phone Use this procedure to configure ASA for VPN Client on IP Phone. Replacing ASA certificates results in non-availability of Unified Communications Manager. Note Procedure Step 1 Local configuration a) Configure network interface. Example: ciscoasa(config)# interface Ethernet0/0 ciscoasa(config-if)# nameif outside ciscoasa(config-if)# ip address 10.89.79.135 255.255.255.0 ciscoasa(config-if)# duplex auto ciscoasa(config-if)# speed auto ciscoasa(config-if)# no shutdown ciscoasa#show interface ip brief (shows interfaces summary) b) Configure static routes and default routes. ciscoasa(config)# route <interface_name> <ip_address> <netmask> <gateway_ip> Example: ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 10.89.79.129 c) Configure the DNS. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 285 Advanced System Security Configure ASA for VPN Client on IP Phone