McDewey

Page 305

page: 305
source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::306

Example:

    ciscoasa(config)# crypto ca export <name> identity-certificate

Copy the text from the terminal, save it as a .pem file, and upload it to Unified Communications Manager.

Step 3 Configure the VPN feature. You can use the Sample ASA configuration summary below to guide you with the configuration.

Note: To use the phone with both certificate and password authentication, create a user with the phone MAC address. Username matching is case sensitive. For example:

    ciscoasa(config)# username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted
    ciscoasa(config)# username CP-7975G-SEP001AE2BC16CB attributes
    ciscoasa(config-username)# vpn-group-policy GroupPhoneWebvpn
    ciscoasa(config-username)# service-type remote-access

ASA Certificate Configuration

For more information on ASA certificate configuration, see Configure AnyConnect VPN Phone with Certificate Authentication on an ASA.

Upload VPN Concentrator Certificates

Generate a certificate on the ASA when you set it up to support the VPN feature. Download the generated certificate to your PC or workstation and then upload it to Unified Communications Manager using the procedure in this section. Unified Communications Manager saves the certificate in the Phone-VPN-trust list.

The ASA sends this certificate during the SSL handshake, and the Cisco Unified IP Phone compares it against the values stored in the Phone-VPN-trust list.

If a Locally Significant Certificate (LSC) is installed on the Cisco Unified IP Phone, the phone sends its LSC by default.

To use device-level certificate authentication, install the root MIC or CAPF certificate in the ASA so that Cisco Unified IP Phones are trusted.

To upload certificates to Unified Communications Manager, use Cisco Unified OS Administration.

Procedure

Step 1 From Cisco Unified OS Administration, choose Security > Certificate Management.
Step 2 Click Upload Certificate.
Step 3 From the Certificate Purpose drop-down list, choose Phone-VPN-trust.
Step 4 Click Browse to choose the file that you want to upload.
Step 5 Click Upload File.
Step 6 Choose another file to upload or click Close.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs, p. 287 (Advanced System Security: Upload VPN Concentrator Certificates)
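The export step above has you copy certificate text out of a terminal session into a .pem file. The added example below (not from the Cisco guide) shows one way to check such a capture for prompt lines, pager text, or lost lines before it is uploaded as Phone-VPN-trust. The function names and the sample capture are constructed for illustration, and the sample body is a dummy DER structure, not a real certificate.

```python
import base64, binascii, hashlib, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Length in bytes that the outer DER SEQUENCE header declares."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def extract_pem(capture: str):
    """Return (clean PEM text, SHA-256 hex of the DER) from a terminal capture."""
    blocks = PEM_RE.findall(capture.replace("\r", ""))
    if len(blocks) != 1:
        raise ValueError(f"expected 1 complete certificate block, found {len(blocks)}")
    b64 = "".join(blocks[0].split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:          # pager text, prompts, lost characters
        raise ValueError(f"corrupt base64: {exc}") from None
    if der_total_length(der) != len(der):
        raise ValueError("certificate body truncated or padded")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return pem, hashlib.sha256(der).hexdigest()

# Constructed sample: a dummy DER SEQUENCE (not a real certificate) wrapped in
# a constructed terminal capture with the command echo and trailing prompt.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER).decode()
SAMPLE_CAPTURE = (
    "ciscoasa(config)# crypto ca export <name> identity-certificate\r\n"
    "-----BEGIN CERTIFICATE-----\r\n" + SAMPLE_B64.replace("\n", "\r\n")
    + "-----END CERTIFICATE-----\r\nciscoasa(config)# \r\n")

if __name__ == "__main__":
    pem, fingerprint = extract_pem(SAMPLE_CAPTURE)
    print(pem, "SHA-256:", fingerprint)
```

Recording the SHA-256 value at export time gives a reference for confirming later that the certificate in the Phone-VPN-trust list is the one that was exported.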