SSL VPN on Cisco SPA525G phones

ttrentler's picture
Submitted by ttrentler on Tue, 11/10/2009 - 10:35

So, I was out at a client site last week and deployed two remote phones via the SSL VPN feature in the beta of CCA2.2.  I must say the feature really works and works well.  

Voice Quality was excellent on the customer's DSL internet connection.  I used the wizard in CCA to set this feature up.  In the past I've not been a big fan of the wizards in CCA since most of them requre a device in factory default configuration.  This one does not.  Just pick a SPA525G phone connected to the system, click a check box and BAM!  You are done.

Nice job SBCS team. 

Share/Save
5
Average: 5 (2 votes)
Your rating: None

Comments

mrttn3's picture

Hi, I am trying to implement

by mrttn3 - 12/02/2009 - 17:29

Hi, I am trying to implement this and can't get it to work.
I have uc500 series using 7.0.3 ios version, I don't see the option to config ssl vpn when cca in and I have cca 2.2.
 
what version are you running on both phone and uc?

ttrentler's picture

It is still in Beta!

by ttrentler - 11/11/2009 - 20:15

CCA 2.2 is still in beta.  I'm not sure when it will be released.
 
ted

ttasset's picture

I am so excited about this....

by ttasset - 11/11/2009 - 17:21

I have tried several options with the 7965G and UC500 including using an ASA as an EasyVPN client from the remote location and using an ASA as phone proxy. The problem with phone proxy is that it requires a seperate IP address that the cable company wants to charge an extra $25 a month! So this is my solution! I dont need extra equipment, I dont need extra IP addresses, etc.... 
So I downloaded the 7.1.3EA pack and now all I need is the CCA2.2? Do you know where I can get that from?
Thanks, 

Hoover87's picture

Ted,   Is this a secure SIP

by Hoover87 - 11/10/2009 - 16:34

Ted,
 
Is this a secure SIP solution?  What features, if any, are lost with this solutuion...voice view, SCCP only fetures, etc.?
 
Thanks.

ttrentler's picture

Security

by ttrentler - 11/10/2009 - 16:50

When Using the Spa525g SSL client the  call control and RTP media are secure and protected from the UC500 to the SPA525g.  I didn't use SIP though for call control for the the phone but rather used SPCP the default.  (SPCP is the UC500 only version of SCCP) If it was configured as a SIP phone the SIP call control would be tunneled as well.

The only feature you lose on the phone is the ability to attach a PC to the Switchport on the remote phone.  All other features work fine.  I've tried the remote phone as as Wifi phone and plugged it in to a remote switch port as well.  You also need to make sure to order a PA-100 power adapter for the phone as most people don't have POE on their home routers!

 

Hoover87's picture

Thanks Ted.   I wonder if you

by Hoover87 - 11/10/2009 - 17:58

Thanks Ted.
 
I wonder if you could deploy these securely using SSL/SIP to get around the UC500 only caveat and use an ISR at the headend.

ttrentler's picture

I'm pretty sure you can

by ttrentler - 11/10/2009 - 18:01

Since you can enter all of the SSL VPN client info through a web browser or directly on the IP phone display I don't see any reason why it wouldn't work.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Similar entries