Chapter 17 Configuring Virtual Private Networks
Configuring IOS for VPN client on IP phone
router#show ip interface brief (shows interfaces summary)
b.Configure static and default routes.
router(config)# ip route <dest_ip> < mask> < gateway_ip>
Example:
router(config)# ip route 10.10.10.0 255.255.255.0 192.168.1.1
Step 2 Generate and register the necessary certificates for Cisco Unified Communications Manager and IOS.
The following certificates need to be imported from the Cisco Unified Communications Manager.
•CallManager - Authenticating the Cisco UCM during TLS handshake (Only required for
•Cisco_Manufacturing_CA - Authenticating IP phones with a Manufacturer Installed Certificate (MIC).
•CAPF - Authenticating IP phones with an LSC.
To import these Cisco Unified Communications Manager certificates
a.From the Cisco Unified Communications Manager OS Administration web page.
b.Choose Security > Certificate Management. (Note: This location may change based on the UCM version)
c.Find the certificates Cisco_Manufacturing_CA and CAPF. Download the .pem file and save as .txt file
d.Create trustpoint on the IOS
Example:
hostname(config)# crypto pki trustpoint trustpoint_name
hostname(config)# crypto pki authenticate trustpoint
When prompted for base 64 encoded CA Certificate,
.pem file along with the BEGIN and END lines. Repeat the procedure for the other certificates
e.You should generate the following IOS
•Generate a
Example:
Router> enable
Router# configure terminal
Router(config)# crypto key generate rsa
Router(config)# crypto pki trustpoint <name>
•Generate a
Example:
Router> enable
Router# configure terminal
| Cisco Unified Communications Manager Security Guide |
|