Cisco Systems OL-24124-01 manual ASA configuration requirements, 17-9

Chapter 17 Configuring Virtual Private Networks

ASA configuration requirements

authentication certificate ca trustpoint CiscoMfgCert inservice

!

end

ASA configuration requirements

Before you create an ASA configuration for VPN client on IP phone, complete the following steps:

Step 1 Install ASA software (version 8.0.4 or later) and compatible ASDM

Step 2 Install a compatible anyconnect package

Step 3 Activate License

a.Show features of the current license. show activation-key detail

b.For a new license with additional SSL VPN sessions and Linksys phone enabled, visit http://www.cisco.com/go/license. Select “Any Connect Cisco VPN phone” license to support the VPN feature.

Configuring ASA for VPN client on IP phone

Perform the following steps to configure ASA for VPN client on IP phone.

Step 1 Local configuration

a.Configure network interface.

Example:

router(config)# interface GigabitEthernet0/0 router(config-if)#description "outside interface" router(config-if)#ip address 10.1.1.1 255.255.255.0 router(config-if)#duplex auto router(config-if)#speed auto router(config-if)#no shutdown

router#show ip interface brief (shows interfaces summary)

b.Configure static routes and default routes. router(config)# ip route <dest_ip> <mask> <gateway_ip>

Example:

router(config)# ip route 10.10.10.0 255.255.255.0 192.168.1.1

c.Configure the DNS.

Example:

hostname(config)# dns domain-lookup inside hostname(config)# dns server-group DefaultDNS

hostname(config-dns-server-group)#name-server 10.1.1.5 192.168.1.67 209.165.201.6

Step 2 Generate and register the necessary certificates for Cisco Unified Communications Manager and IOS. The following certificates need to be imported from the Cisco Unified Communications Manager.