
17-5
Cisco Unified Communications Manager Security Guide
OL-24124-01
Chapter 17 Configuring Virtual Private Networks
Sample IOS configuration summary
Router(config)# crypto key generate rsa general-keys label <name> <exportable -optional>
Router(config)# crypto pki trustpoint <name>
Router(ca-trustpoint)# enrollment selfsigned
Router(ca-trustpoint)# fqdn <full domain name>
Router(ca-trustpoint)# subject-name CN=<full domain name>, CN=<IP>
Router(ca-trustpoint)# authorization username subjectname commonname
Router(ca-trustpoint)# crypto pki enroll <name>
Router(ca-trustpoint)# end
• Register the generated certificate with Cisco Unified Communications Manager.
Example:
Router(config)# crypto pki export <name> pem terminal
Copy the text from the terminal, save it as a .pem file, and upload it to the Managing
Certificate part of the CUCM.
Step 3 Install AnyConnect on IOS.
Download the AnyConnect package from cisco.com and install it to flash.
Example:
router(config)# webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg
Step 4 Configure the VPN feature. You can use the Sample IOS configuration summary below to guide you
through the configuration.
Note To use the phone with both certificate and password authentication, create a user with the phone MAC
address. Username matching is case sensitive. For example:
username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted
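For the certificate export step above (`crypto pki export <name> pem terminal`), text copied from a terminal often carries prompt lines, trailing whitespace, or a cut-off last line. The following is an added example, not part of the Cisco guide: it pulls the single certificate block out of the pasted text, refuses a paste that includes a private key, checks that the body decodes to one complete DER structure, and returns a clean .pem plus a SHA-256 fingerprint to record. The function names are hypothetical, the paste is assumed to use standard PEM armor lines, and the sample input is constructed.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one SEQUENCE whose encoded length matches its real size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                        # short-form length
        header, length = 2, der[1]
    else:                                    # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def extract_cert(pasted: str) -> tuple[str, str]:
    """Return (clean PEM text, SHA-256 fingerprint) from text copied off the terminal."""
    if "PRIVATE KEY-----" in pasted:
        raise ValueError("paste contains a private key block; do not upload it")
    blocks = PEM_RE.findall(pasted)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    b64 = "".join(blocks[0].split())         # drop CRs, trailing spaces, line wraps
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:                # binascii.Error is a ValueError
        raise ValueError("body is not clean base64 (prompt text or cut-off copy?)") from exc
    if not der_length_ok(der):
        raise ValueError("not one complete DER SEQUENCE (truncated copy?)")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----", ""])
    return pem, hashlib.sha256(der).hexdigest().upper()

# Constructed stand-in: a DER SEQUENCE around filler bytes, NOT a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PASTE = (
    "Router(config)# crypto pki export <name> pem terminal\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(FAKE_DER).decode().replace("\n", "  \r\n")
    + "-----END CERTIFICATE-----\r\n\r\nRouter(config)#\r\n"
)

if __name__ == "__main__":
    pem_text, fingerprint = extract_cert(SAMPLE_PASTE)
    print(pem_text + "SHA-256: " + fingerprint)
```

The DER check only confirms that the copy is complete; it does not validate the certificate's contents or its subject name.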
Sample IOS configuration summary
You can use the following sample IOS configuration for the VPN client on an IP phone as a general guideline
for creating your own configurations. The configuration entries can change over time.
Current configuration : 4648 bytes
!
! Last configuration change at 13:48:28 CDT Fri Mar 19 2010 by test
!
version 15.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
!
! hostname of the IOS
hostname vpnios
!
boot-start-marker
! Specifying the image to be used by IOS – boot image
boot system flash c2800nm-advsecurityk9-mz.152-1.4.T
boot-end-marker
!
!
logging buffered 21474836
!