Cisco OL-24124-01 User Manual

Cisco Unified Communications Manager Security Guide

OL-24124-01

Chapter 17 Configuring Virtual Private Networks

Sample ASA configuration summary

!--- Group-policy
group-policy GroupPhoneWebvpn internal
group-policy GroupPhoneWebvpn attributes
 banner none
 vpn-simultaneous-logins 10
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec svc webvpn
 default-domain value nw048b.cisco.com
 address-pools value Webvpn_POOL
 webvpn
  svc dtls enable
  svc keep-installer installed
  svc keepalive 120
  svc rekey time 4
  svc rekey method new-tunnel
  svc dpd-interval client none
  svc dpd-interval gateway 300
  svc compression deflate
  svc ask none default webvpn
!--- Configure user attributes
username test password S.eA5Qq5kwJqZ3QK encrypted
username test attributes
 vpn-group-policy GroupPhoneWebvpn
 service-type remote-access
!--- Configure username with Phone MAC address for certificate+password method
username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted
username CP-7975G-SEP001AE2BC16CB attributes
 vpn-group-policy GroupPhoneWebvpn
 service-type remote-access
!--- Configure tunnel group for username-password authentication
tunnel-group VPNphone type remote-access
tunnel-group VPNphone general-attributes
 address-pool Webvpn_POOL
 default-group-policy GroupPhoneWebvpn
tunnel-group VPNphone webvpn-attributes
 group-url https://10.89.79.135/VPNphone enable
!--- Configure tunnel group with certificate only authentication
tunnel-group CertOnlyTunnelGroup type remote-access
tunnel-group CertOnlyTunnelGroup general-attributes
 default-group-policy GroupPhoneWebvpn
tunnel-group CertOnlyTunnelGroup webvpn-attributes
 authentication certificate
 group-url https://10.89.79.135/CertOnly enable
!--- Configure tunnel group with certificate + password authentication
tunnel-group CertPassTunnelGroup type remote-access
tunnel-group CertPassTunnelGroup general-attributes
 authorization-server-group LOCAL
 default-group-policy GroupPhoneWebvpn
 username-from-certificate CN
tunnel-group CertPassTunnelGroup webvpn-attributes
 authentication aaa certificate
 pre-fill-username ssl-client
 group-url https://10.89.79.135/CertPass enable
!
class-map inspection_default
 match default-inspection-traffic
!
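The sample defines three tunnel groups that differ only in how the phone authenticates. The following audit script is an added example, not part of the Cisco guide: it reads a configuration and lists which group-urls do not require a client certificate. It assumes the one-space indentation of ASA sub-mode commands and that a tunnel group with no "authentication" line uses AAA (username and password) only; the function names are hypothetical.

```python
import re

# Constructed input: the three tunnel groups from the sample configuration above.
SAMPLE = """\
tunnel-group VPNphone type remote-access
tunnel-group VPNphone webvpn-attributes
 group-url https://10.89.79.135/VPNphone enable
tunnel-group CertOnlyTunnelGroup type remote-access
tunnel-group CertOnlyTunnelGroup webvpn-attributes
 authentication certificate
 group-url https://10.89.79.135/CertOnly enable
tunnel-group CertPassTunnelGroup type remote-access
tunnel-group CertPassTunnelGroup general-attributes
 username-from-certificate CN
tunnel-group CertPassTunnelGroup webvpn-attributes
 authentication aaa certificate
 pre-fill-username ssl-client
 group-url https://10.89.79.135/CertPass enable
"""

def tunnel_group_auth(config):
    """Map each tunnel group to its authentication methods and group-urls."""
    groups, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        head = re.match(r"tunnel-group (\S+) (type remote-access|\S+-attributes)$", line)
        if head:
            # Assumption: without an 'authentication' line the group is AAA only.
            groups.setdefault(head.group(1), {"auth": {"aaa"}, "urls": []})
            current = head.group(1) if head.group(2) == "webvpn-attributes" else None
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the stanza
        elif current:
            words = line.split()
            if words[0] == "authentication":
                groups[current]["auth"] = set(words[1:])
            elif words[0] == "group-url" and words[-1] == "enable":
                groups[current]["urls"].append(words[1])
    return groups

def password_only(config):
    """Return group-urls whose tunnel group does not require a client certificate."""
    return sorted(url for g in tunnel_group_auth(config).values()
                  if "certificate" not in g["auth"] for url in g["urls"])

if __name__ == "__main__":
    for name, g in tunnel_group_auth(SAMPLE).items():
        print(name, sorted(g["auth"]), g["urls"])
    print("password-only:", password_only(SAMPLE))
```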