EasyManua.ls Logo

Cisco 8961 - Page 233

Cisco 8961
378 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
•
Phone Configuration window (Device > Phone)
•
Common Phone Profile Configuration window (Device > Device Settings > Common Phone Profile)
•
Enterprise Phone Configuration window (System > Enterprise Phone Configuration)
VPN Concentrator Setup for Cisco VXC VPN
The recommended VPN concentrator for use with this feature is the Cisco ASA 5500 Series Adaptive Security
Appliance. To support the Cisco VXC VPN, you must set up the ASA for multisession support so that the
phone can establish two tunnels that use the same credentials.
Network Guidelines for Cisco VXC VPN
The following network guidelines exist for the Cisco VXC VPN feature implementation:
•
The MTU size in the phone VPN profile is a configurable value. The default value is 1290.
•
The maximum MTU value on the phone itself is hardcoded at 1406.
•
The MTU value must be no greater than 1406, but it should not be less than 576, because some IIS and
virtualization servers do not accept values less than 576.
•
You must set up the firewall to allow the MTU value that you specify in the phone VPN profile.
•
If the phone cannot download the certificate file or the phone configuration file, check for the allowed
packet size in the network.
•
If the Cisco VXC VPN cannot establish a tunnel, then ping the VPN concentrator IP address with a
packet size (load) to match the MTU value that the VPN profile specifies.
•
If the ping fails, try another ping that specifies no load. If the ping still fails without the load, check the
routing configuration.
•
If the ping fails only with the load included, check the firewall to ensure that it is configured to allow
the required MTU.
•
Perform a traceroute to the VPN concentrator IP address, and then ping each route with the load to
determine the source of the issue.
• Ensure the Don’t Fragment (DF) bit is not set on the server, network, or IP phone VPN tunnel.
Cisco VXC VPN Limitations and Restrictions
The following limitations and restrictions apply:
•
Only Layer 3 packets are tunneled. The Cisco VXC VPN feature does not support Layer 2 tunneling.
Therefore any Layer 2 capabilities are lost if the Cisco VXC connects through VPN.
•
The VPN client supports only IPv4 addresses.
•
The Cisco VXC VPN tunnel cannot be established over a Wi-Fi interface.
Cisco Unified IP Phone 8961, 9951, and 9971 Administration Guide for Cisco Unified Communications Manager 10.0
(SIP)
209
Features, Templates, Services, and User Setup
Cisco VXC VPN Limitations and Restrictions
REVIEW DRAFT - CISCO CONFIDENTIAL

Table of Contents

Other manuals for Cisco 8961

Preview: User Guide
User Guide148 pages
Preview: Release Notes
Release Notes16 pages
Preview: Quick Start Guide
Quick Start Guide2 pages
Preview: Quick Reference Guide
Quick Reference Guide3 pages
Preview: Manual
Manual11 pages
Preview: Overview
Overview30 pages
Preview: Features
Features34 pages
Preview: Quick Reference
Quick Reference4 pages
Preview: Quick Guide
Quick Guide10 pages
Preview: Quick Glance
Quick Glance3 pages
Preview: Setup Guide
Setup Guide4 pages
Preview: Setup
Setup4 pages

Related product manuals