Hello, can anyone provide any experience they have had with deploying the UC500 solution supporting SSL VPN? I asked Cisco a presales question, and they actually came back and stated: "I found evidence in internal Cisco technical support documentation that the UC520 does NOT support SSL VPN, that for SSL VPN functionality Cisco recommends an Integrated Services Router (ISR)." However, their public documentation clearly states it supports SSL VPN. I have it working successfully with sslclient-win-1.1.4.179.pkg; however, the problem is that the SSL Client is not supported in Windows Vista. Anyconnect would be the solution for this; however, I have been unsuccessful in getting Anyconnect to work with the UC500. Anyone have any light to shed on this? Thanks,

Another feature request ..
While everyone is moaning about the lack of an up-to-date modern VPN solution, I'd like to point out the lack of a dynamic routing protocol. I'm sure the documentation for the product refers to the device as a "router" many times.
I'd be happy with even just RIP.
-Dan
Well, for what it's worth, SSL VPN on the UC520 works pretty good for a non-supported feature. I've been using it for a while now. The CIFS works very well, as well as Intranet pages etc. Port forwarding for thin-clients also works.
The SSL VPN Client for tunnel mode is pretty fast and works well, but produces similar errors as what Ryan mentioned...but works nonetheless.
Anyconnect 2.2 will work, or function rather, with the latest IOS image as well. It's much slower than the svc though. Still produces those silly errors, but connects and passes traffic.
Ryan, enable "webvpn sslvpn-vif nat inside" and see if that gets you going.
I'm not saying that it's a deployable solution, but it does work.
Cisco IP Communications Express Specialist
www.ketchumits.com
Well, this thread prompted me to dig into the SSL errors a little deeper. I mentioned earlier that the SSL VPN client produced similar errors that Ryan was seeing. That was running the new 20T code that had just come out. I downgraded to the XW8 code that I had been running and now see no errors at all using the SSL VPN client. As a side note I also had some issues with IP Communicator and the SSL client when using 20T. Running XW8 it runs like a champ and I can use IP Communicator via the SSL client.
Just my 2 cents for anyone trying to squeeze every little bit out of the box. I'm looking forward to the next maintenance release.
Cisco IP Communications Express Specialist
www.ketchumits.com
Let me see if I can light a small fire under the BU's seat. The issue is not with the UC BU, it's with the IOS SSL VPN guys....let me reach out to them and see if we can get you guys the feature you're needing/wanting. I'll let you know what we get done.
Joe Harris
CCIE No. 6200 (R/S, Sec, SP)
http://www.6200networks.com
Hi, This is NOT supported on the UC500 platform. Just because the parser allows you to enable webvpn (even with 12.4(20)T) on the UC platform this is absolutely not supported and the UC500 BU is updating the public documentation which is currently incorrect. Thanks in advance.
Joe Harris
CCIE No. 6200 (R/S, Sec, SP)
http://www.6200networks.com
Hmmm . . . WHAT !?!
I'd rather have them turn the feature on than change the documentation.
It is sort of like buying a car from the dealer and the dealer says the car comes with cruise control. You buy the car, bring it back and the dealer says the sticker on the window listing the car's features was wrong. Now you're stuck with it.
Cisco has been advertising the SSL VPN as a feature of the UC520 since launch over a year ago.
If the feature is only supported in CLI I think that would be fine. I don't think not adding the feature and changing the documentation is an acceptable response.
Am I alone in thinking this?
Yep you heard me...
It's not as simple as just 'turning on' a feature, there's A LOT more that goes into supporting a platform and feature....BTW...IOS SSL VPN is a licensed feature and there is no license SKU for UC500, do you remember purchasing that? Discuss your feature requirements with your Cisco engineer and ask him to open a feature request on your behalf that way the BU will have a mechanism to track the feature request. Ranting about it here will do you no good but I will state it once more, this feature is not supported on the UC500 platform as of today.
BTW per the car analogy, you should have first checked http://www.cisco.com/go/fn to verify support of the feature.
Joe Harris
CCIE No. 6200 (R/S, Sec, SP)
http://www.6200networks.com
I heard ya. :)
FYI Ranting does make me feel better.
I didn't buy per phone licenses either with my UC500 as I had to with CME on an ISR router.
Though I understand the feature navigator, why should I need to double check the data sheet that Cisco puts out? If the data sheet says the box has 8 POE interfaces I'm not going to double check Cisco's own documentation for that. (Well, maybe now I will)
I've recently brought this matter to people in the BU that I know, and I'm not about to get bent out of shape about it. I also want to give them plenty of time to reply.
I used the analogy of cruise control in my last post because it is a feature I can make do without. In fact I've been using and installing UC520s for over a year and am just seeing a need for this feature. For my needs SSL VPN would be great for when I am in the occasional hotel that has issues with VPN connections.
just my .02
Ted
I sent an email to one of the TMEs about this
I dropped a line to one of the Technical Marketing Engineers at Cisco about SSL VPN support and am waiting to see what the official line is.
Ted
These are the errors that flood the CLI (not debugs)
Aug 7 19:49:22.883: %SYS-2-LINKED: Bad enqueue of 8508EC3C in queue 84860384 -Process=
"", ipl= 6, -Traceback= 0x80E6AA80 0x801B057C 0x828C27B4
0x828A1A80 0x82B7FB54 0x82B72050 0x82B73250 0x82B748D0 0x81706680 0x817070DC 0x81270288
0x812711BC 0x812712DC 0x8004F888 0x80051E14 0x80052D0C
This is with the anyconnect2.2 pkg and the newest 12.4(20)T code. I have opened a case with TAC and the official word from Cisco is "We do not support SSL VPN on the UC520 platform"
This is a real **** off since it's publicly documented very clearly on the data sheet for the platform that:
"...The platform also supports SSL (Secure Sockets Layer) VPN ."
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps729...
The TAC engineer informed me they plan on removing that statement from the data sheet. This is of very little help when we have already positioned this device to several clients on the basis that it will support SSL VPN.
We have done testing and it seems the SSL Client (v.1.4.xxx, not anyconnect) does work ok; however, this offers NO Windows Vista support. With no Vista support it is not feasible to position this to potential clients to use from home.
Can anyone else add to their experience with SSL VPN and the UC500 platform?
Thanks.
What error are you seeing when attempting to use anyconnect?
Cisco IP Communications Express Specialist
www.ketchumits.com