Chapter. - Cisco 8800 Series Administration Manual

VPN Configuration
Related Topics
Cisco Unified Communications Manager Documentation, on page xvii
VPN Configuration
The Cisco VPN feature helps you to preserve network security while giving users a safe, reliable method to
connect to your corporate network. Use this feature when:
• A phone is located outside a trusted network
• Network traffic between the phone and Cisco Unified Communications Manager crosses an untrusted
With a VPN, there are three common approaches to client authentication:
• Digital certificates
• Passwords
• Username and password
Each method has its advantages. But if your corporate security policy permits it, we recommend a
certificate-based approach because certificates allow for a seamless sign-in without any user intervention.
Both LSC and MIC certificates are supported.
To configure any of the VPN features, provision the device on-premise first and then you can deploy the
device off-premise.
For more information about certification authentication and working with VPN network, see the Technical
Note AnyConnect VPN Phone with Certificate Authentication on an ASA Configuration Example. The URL
for this document is
unified-communications-manager-callmanager/115785-anyconnect-vpn-00.html.
With a password, or username and password approach a user is prompted for sign-in credentials. Set the user
sign-in credentials in accordance with your company security policy. You can also configure the Enable
Password Persistence setting so that the user password is saved on the phone. The user password is saved
until either a failed log-in attempt occurs, a user manually clears the password, or the phone resets or loses
power.
Another useful tool is the Enable Auto Network Detection setting. When you enable this check box, the VPN
client can only run when it detects that it is outside the corporate network. This setting is disabled by default.
For additional information about maintaining, configuring, and operating a virtual private network with a
VPN, see Security Guide for Cisco Unified Communications Manager, "Virtual Private Network Setup"
chapter. The URL for this document is
unified-communications-manager-callmanager/products-maintenance-guides-list.html.
The Cisco VPN feature uses Secure Sockets Layer (SSL) to preserve network security.
Note Enter the Alternate TFTP server setting when you're configuring an off-premises phone for SSL VPN to
ASA using a built-in client.
Cisco IP Phone 8800 Series Administration Guide for Cisco Unified Communications Manager
240
network
http://www.cisco.com/c/en/us/support/docs/unified-communications/
http://www.cisco.com/c/en/us/support/unified-communications/