AnyConnect for Cisco VPN Phone Spanless recording?
I'm looking to add this to my existing ASA5520.
Does AnyConnect for Cisco VPN phone support spanless recording?
If not what options are there?
Thanks,
Mike
Hi there,
Did you try
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=717
Cheers!
Rob
"Why not help one another on the way" - Bob Marley
Similar Messages
-
AnyConnect for Cisco VPN Phone demo license
I want to test VPN Phone in the ASA5520,but "show ver" find the "AnyConnect for Cisco VPN Phone : Disabled", www.cisco.com/go/license i didn't find register AnyConnect for Cisco VPN Phone demo license, how to apply for the demo license??
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.Hi there,
Did you try
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=717
Cheers!
Rob
"Why not help one another on the way" - Bob Marley -
Certificate authentication for Cisco VPN client
I am trying to configure the cisco VPN client for certificate authentication on my ASA 5512-X. I have it setup currently for group authentication with shared pass. This works fine. But in order for you to pass pci compliance you cannot allow aggresive mode for ikev1. the only way to disable aggresive mode (and use main mode) is to use certificate authentication for the vpn client. I know that some one out there must being doing this already. I am goign round and round with this. I am missing some thing.
I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to genterate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
Can some one provide the instructions on seting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.Dear Doug ,
What is asa code your are running on ASA hardware , for cisco anyconnect you need have Code 8.0 on your hardware with cisco anyconnect essential license enabled .Paste your me show version i will help you whether you need to procure license for your hardware . By default your hardware will be shipped with any connect essential license when you have order your hardware with asa code above 8.0 .
With Any connect essential you are allowed to use upto total VPN peers allowed based on your hardware
1) What is the AnyConnect Essentials License?
The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers" platform limit with AnyConnect. Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device. With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
Any connect VPN Configuration .
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml -
Hello friends!
I'm developing an application for Cisco IP Phones that whorks with JMF. Since there are some programmers in this forum that knows Cisco IP phones, I send my question here.
I was send succefully the XML message to phone (CiscoIPPhoneExecute), I was customized the paket's size to 160, etc. All works aparently. But audio stream does not reach to phone. Can anyone tell me why??
Below I write my source code.
Tanks!
Max.
import java.io.*;
import java.net.*;
import java.util.*;
import org.apache.xerces.impl.dv.util.Base64;
import javax.media.*;
import javax.media.control.*;
import javax.media.format.*;
import javax.media.protocol.*;
* @author Administrator
public class MMHTTPPost {
/** Creates a new instance of MMHTTPPost */
public MMHTTPPost() {
try {
* Envia el CiscoIPPhoneExecute al telefono
String xml = new String("<CiscoIPPhoneExecute>"+
"<ExecuteItem Priority=\"0\" URL=\"RTPRx:Stop\"/>"+"<ExecuteItem Priority=\"1\" URL=\"RTPRx:10.1.15.10:23480\"/>"+
"</CiscoIPPhoneExecute>");
String userId = "Max",
password = "12345",
basicAuth = "Basic ",
params = "XML=" + URLEncoder.encode(xml, "ISO-8859-1" );
byte[] bytes = params.getBytes();
// Create a URL pointing to the servlet or CGI script and open an HttpURLConnection on that URL
URL url = new URL( "http://10.1.15.56/CGI/Execute" );
HttpURLConnection con = ( HttpURLConnection ) url.openConnection();
// Indicate that you will be doing input and output, that the method is POST, and that the content
// length is the length of the byte array
con.setDoOutput( true );
con.setDoInput( true );
con.setRequestMethod( "POST" );
con.setRequestProperty( "Content-length", String.valueOf( bytes.length ) );
// Create the Basic Auth Header
Base64 encoder = new Base64();
basicAuth = (String)encoder.encode( ((String)(userId + ":" + password)).getBytes() );
System.out.println("Codificado: " + basicAuth);
con.setRequestProperty( "Authorization", "Basic " + basicAuth.trim() );
// Write the parameters to the URL output stream
OutputStream output = con.getOutputStream();
output.write( bytes );
output.flush();
// Read the response
BufferedReader input = new BufferedReader( new InputStreamReader( con.getInputStream() ) );
while ( true ) {
String line = input.readLine();
if ( line == null )
break;
System.out.println( line );
input.close();
output.close();
con.disconnect();
* Aca empieza la parte RTP/JMF
// Create a Processor for the selected file. Exit if the
// Processor cannot be created.
Processor processor = null;
try {
String mediaUrl = "file:\\C:\\pruebas execute\\spacemusic.au";
processor = Manager.createProcessor( new MediaLocator(mediaUrl));
} catch (IOException e){
System.out.println("Exception occured (1a): " + e);
} catch (NoProcessorException e){
System.out.println("Exception occured (1b): " + e);
// configure the processor
//processor.configure();
//Espera el estado Processor.Configured
boolean result = waitForState(processor, Processor.Configured);
if (result == false)
System.out.println("No se pudo configurar el procesador...");
// Block until the Processor has been configured
TrackControl track[] = processor.getTrackControls();
boolean encodingOk = false;
// Go through the tracks and try to program one of them to
// output ulaw data.
for (int i = 0; i < track.length; i++)
if (!encodingOk && track[i] instanceof FormatControl)
if (((FormatControl)track).setFormat( new AudioFormat(AudioFormat.ULAW_RTP,8000,8,1)) == null)
track[i].setEnabled(false);
else
encodingOk = true;
else
// we could not set this track to ulaw, so disable it
track[i].setEnabled(false);
*Aqu? se cambia el tama?o del paquete a 160
if (((TrackControl)track[i]).isEnabled()) {
try {
System.out.println("Cambiando la lista de codecs...");
Codec codec[] = new Codec[3];
codec[0] = new com.ibm.media.codec.audio.rc.RCModule();
codec[1] = new com.ibm.media.codec.audio.ulaw.JavaEncoder();
//codec[2] = new com.ibm.media.codec.audio.ulaw.Packetizer();
codec[2] = new com.sun.media.codec.audio.ulaw.Packetizer();
((com.sun.media.codec.audio.ulaw.Packetizer)codec[2]).setPacketSize(160);
((TrackControl)track[i]).setCodecChain(codec);
catch (Exception e){
System.out.println("Error al cambiar el tamano del paquete: " + e);
System.out.println("Encoding ok?: " + encodingOk );
// At this point, we have determined where we can send out
// ulaw data or not.
// realize the processor
if (encodingOk)
//processor.realize();
// block until realized.
// get the output datasource of the processor and exit
// if we fail
//Espera el estado Processor.Realized
result = waitForState(processor, Processor.Realized);
if (result == false)
System.out.println("No se pudo realizar el procesador...");
DataSource ds = null;
try
ds = processor.getDataOutput();
catch (NotRealizedError e)
System.out.println("Exception occured(2): "+e);
// hand this datasource to manager for creating an RTP
// datasink.
// our RTP datasink will multicast the audio
try
String mediaUrl= "rtp://10.1.15.56:23480/audio/1";
MediaLocator m = new MediaLocator(mediaUrl);
DataSink d = Manager.createDataSink(ds, m);
d.open();
d.start();
catch (Exception e)
System.out.println("Exception occured(3): "+e);
catch ( MalformedURLException murlex )
System.out.println( murlex );
catch ( IOException ioex )
System.out.println( ioex );
* @param args the command line arguments
public static void main(String[] args) {
new MMHTTPPost();
* Convenience methods to handle processor's state changes.
private Integer stateLock = new Integer(0);
private boolean failed = false;
Integer getStateLock() {
return stateLock;
void setFailed() {
failed = true;
private synchronized boolean waitForState(Processor p, int state) {
p.addControllerListener(new StateListener());
failed = false;
// Call the required method on the processor
if (state == Processor.Configured) {
p.configure();
} else if (state == Processor.Realized) {
p.realize();
// Wait until we get an event that confirms the
// success of the method, or a failure event.
// See StateListener inner class
while (p.getState() < state && !failed) {
synchronized (getStateLock()) {
try {
getStateLock().wait();
} catch (InterruptedException ie) {
return false;
if (failed)
return false;
else
return true;
* Inner Classes
class StateListener implements ControllerListener {
public void controllerUpdate(ControllerEvent ce) {
// If there was an error during configure or
// realize, the processor will be closed
if (ce instanceof ControllerClosedEvent)
setFailed();
// All controller events, send a notification
// to the waiting thread in waitForState method.
if (ce instanceof ControllerEvent) {
synchronized (getStateLock()) {
getStateLock().notifyAll();ignore my last post.. I didn't properly read the source code.
Anyway, I got g.711 streaming to work. I started out using the AVTransmit2 sample, but set the audio output format to what is used in the source code posted here. I've also applied the same codec chain described above, and that was it.
I could never get streaming to work using the first RTP streaming method described in the JMF Programmers guide (and this is the method used in the source posted above), but using the RTPManager, things work just fine. -
Support for Cisco VPN "mutual group authentication"
Hi,
Does anyone know of support plans for Cisco VPN mutual group authentication in the built-in VPN client on MacOSX?
Thanks,
JohnI would like to know the answer to this as well.
Thanks,
Josh -
Cisco 6807 and 6800ia Swtich QOS for Cisco ip phones
Does anyone have an example of configuring a 6800ia switch port connected to a 6807VSS parent for cisco ip phones qos. Normally we'd use auto qos voip but auto qos is not supported on 6800IA switches.
Cant find any cisco documentation of what the IA switches port config should look like for a cisco ip phone.
Any help would be appreciated.
Thanks,
DaveI'd leave QoS alone.
-
ASA license for Cisco IP Phone over VPN
Hi,
Are there special licenses required on the ASA to use Cisco IP Phones (Hard phone) over SSL VPN connection?
ThanksHi,
You can purchase the phone proxy license. This elimiates the need to build a VPN tunnel for voice traffic.
It is not mandatory to purchase this license however.
From the ASA configuration guide:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/unified_comm_phoneproxy.html#wp1144845
"The Cisco Phone Proxy on the adaptive security appliance bridges IP telephony between the corporate IP telephony network and the Internet in a secure manner by forcing data from remote phones on an untrusted network to be encrypted. "
Don't forget to rate all posts that are helpful. -
Recording for Cisco IP Phones and Cisco C90 Codec
Hello
We are looking for a solution that is capable to record both Cisco IP Phones and Cisco Codec C90.
We are using CUCM 9.X for IP Phones and VCS 7.X for Cisco Codecs.
Is their any third party solution available for both the requirements or do i have to go with TCS and any other third party recording solution.
Thanks & Regards
Aniket PatilMy reply may be too late to be of any help to you, but for the benefit of others:
Be sure you understand the different types of PoE out there. The Linksys PoE switch only supports the newer IEEE 802.3af PoE standard.
The 7940, 7960, 7905 and other older Cisco phones only support Cisco pre-standard PoE and thus will not work with the 802.3af Linksys Switch.
To use this switch, you will need to make sure you are using the newer 7070, 7961, 7941 phones with support both pre-standard and 802.3af PoE.
All the best,
John -
What to support for Cisco IP Phone 7912?
dear all. please help me!!!
I have a 7912 ip phone, and using Cisco CME in 1760, but I do not see this type 7912 ip phone telephony service there. whether it was true ip 7912 phone is not support for the Cisco 1760 CME. and whether support for the cisco 7912 ip phone? whether the telephony-service configuration is equal to the telephony-service configuration for the ip phone 7940?
please help me !!!Hi to all
Please I ned some advice , I was try to reset to factory defaults a Cisco IP Phone 7912 and I was failed .
Please can you help me ?
Thanks a lot !
Hugo Baez -
IP application for Cisco IP Phones - Banner Ad Rotator
Looking for an application to advertise on the Cisco IP Phones running Call Manager at a Hotel. Has anyone found anything or use a Banner Ad Rotator on the phones?
While the CCM simulator works for really simple things, you'll often find the need to access information available only on a real call-manager so running a virtual machine with a real system is preferable.
And once you have the app up and running on the IP Communicator (contact your Cisco ACM to get one), you need a physical phone to continue testing because there's a difference between the IP Communicator and physical phones and you need to make sure you have your app tested on the actual hardphone (preferably with the load that the customer uses though things have gotten a lot better in that area.. if the customer has a halfway up-to-date phone load then you should be fine). -
Generate Active load report for Cisco IP Phones
Hello All,
We have a cluster contains around 24,000 IP phones, and we have a migration very close so we want to get the report of the phones whichever running with the old phone firmware.
Our current active load should be : SCCP42.9-3-1SR2-1S
So please let me know, is there any way me to run a report and get the details of the active load for all the phones ?
Thanks.I believe the solutions below will address your concerns.
The PC that is daisy chained to the IP phone could capture the mac adresses by the attacker reading it physically on the IP phone and then set the pc network port to that mac address.The attacker could then configure its own verified MAC adress on a loopback interface, thus the PC would be able to access both its Data VLAN and the former IP Phones Voice VLAN.
And since the link between the Switch and the IP Phone acts like a trunk link VLAN hopping can occur.
********To prevent the end user from reading the mac address on the bottom of the phone, you could physically remove the mac label. To prevent the end user from seeing the mac via the phone display, you would disable the Setting access setting the in the phone configuration in call manager, which would prohibit access to the settings button on the phone.
Another attack vector would be a Cisco switch configured for CDP and configured with the same MAC address as either the IP Phone or the PC. The attacker could then gain ciritical information about the state of the Corporate switch. In order for this to work the switch would need to have STP disabled so no BPDU would get broadcasted.
***********In this scenario, you could leave stp enabled, but enable bpdu guard on the port, then if it receives any bpdus, it could place the port in err-disable state.*************
The final attack I can think of is that the PC launches a Double VLAN tagging assault by tagging its packet as the Voice VLAN and then encapsulating the desired attack VLAN inside than Voice VLAN tag.
*************To prevent double vlan tagging by the pc, you would disable the pc voice vlan for the phones within the call manager.***********
Hope this helps. -
User Guide for Cisco UC Phone 7937
Can anyone supply me with a URL for downloading a basic user's guide for the UC 7937 Phone?
Hello ttrovato 1,
Here are some links where you will be able to find the information about the conference ip phone 7937G.
Administration guide:
Link:http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cuipph/7937g/6_0/english/administration/guide/37adm60.pdf
Phone guide:
Link:http://www.msl.ubc.ca/sites/default/files/cisco-teleconference-phone-userguide.pdf
Latest Firmwares:
Link:https://software.cisco.com/download/release.html?mdfid=281433475&softwareid=282074289&release=1.4%285%29&relind=AVAILABLE&rellifecycle=&reltype=all
Specifications Overview:
Link: http://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-conference-station-7937g/model.html
Enjoy it.
Regards,
Gerson -
Forced Authorization Code For Cisco SIP Phone 3905
Hi Team,
Can i configure Cisco SIP Phone 3905 to use Forced Authorization Code ? I am using Call Manager 9.X.
Regards,
Praful SartapeHi Praful,
Yes you right for CME but for CUCM some sip phones supports FAC , as far as 3905 is concerned it supports FAC .
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/3905/8_6/english/admin_guide/IP05_BK_CDEEDD7F_00_admin-guide-3905_chapter_0101.html#IP05_RF_A5029279_00
I didnt find link for CUCM 9.x but that above link will help.
And also check this thread- https://supportforums.cisco.com/thread/2125452
Rate all the helpful post.
Thanks
Manish -
HP 3800 switch port-security one mac in two VLAN for Cisco IP Phone
Hellow all!
I'm want use port-security for ports on my HP 3800. But PC connected
to network via PC port on Cisco ip phone. For phone used 10 voice VLAN,
for data - 1 VLAN (native). Cisco phone add self mac-address in these
two VLAN. On Cisco Switch 2960 i resolve this for 4 command:
switchport port-security maximum 3
switchport port-security mac-address pc_mac
switchport port-security mac-address ip_phone_mac
switchport port-security mac-address ip_phone_mac vlan voice
How i can add one mac in two VLAN's on HP 3800 Switch?
Sorry for my English, please ^_^
This topic first appeared in the Spiceworks CommunityHi Kuarzo, please reference the following;
https://supportforums.cisco.com/document/116426/how-configure-dynamic-mac-port-security-sx300
https://supportforums.cisco.com/document/116256/how-configure-static-mac-port-security-sx300 -
ISE - dot1x EAP TLS for Cisco IP Phones
Hi Gents,
I have a question about the CA configs for ISE or ACS.
As I understand, LSC certificate is issued by the CUCM by its Certificate Authority Proxy Function. If an IP Phone needs to be authenticated by its LSC (Locally Significant Certificate), which of the following CA we need to trust:
1. Cisco CA Certificate
2. CUCM Locally signed Certificate or CUCM Identity Certificate
And if these certificates are imported into ISE/ACS, will the ISE/ACS will be able to authenticate the IP Phone if the dot1x EAP-TLS authentication is enabled for IP Phones?
Is there any other configs needed?
I would highly appreicate if someone can clearify me this process.
Regards,I got the answer, for the first part of the EAP TLS authentication: Phone authentication
In an IEEE 802.1X authentication, the AAA server is responsible for validating the certificate provided by the phone. To do this, the AAA server must have a copy of the root CA certificate that signed the phone's certificate. The root certificates for both LSCs and MICs can be exported from the CUCM Operating System Administration interface and imported into your AAA server
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-605524.html#wp9000412
As this is EAP TLS, Server (ISE/ACS) is also required to authenticate itself to the phone.
What is needed for this?
Maybe you are looking for
-
ZFS write hangs / DMA reset? Can it be fixed?
My Solaris 10 (5/08) box with 3 Seagate 1TB drives hooked to a PCI-X SiI3124 randomly stops responding to ZFS IO for up to a minute, during alternate long (100+MB) file reads and writes. Disabling NCQ may eliminate the problem during reads, but not d
-
I am buy an iPad mini as a gift for someone in Portugal would I be better off buying it there or could I buy in UK before I go?
-
Maverick - Save Custom Zoom Settings?
Is there a way to save zoom settings in Maverick? In Mountain Lion, my zoom settings would be saved in Safari, Pages, Numbers etc. So once I set the desired zoom, every time I opened the program the same zoom settings were already set. Now every time
-
Why not leave remote app for 4.2.1?
Hi there, with my family i own 3 ipod touches, 3 shuffles, and two iphones. I own two houses where i have set up a central computer to run itunes with airport expresses all over my houses to control speakers and music through the "remote" app. I am h
-
How to move segments from one tablespace to another tablespace?
I have created new tablespace now i want to move the old tablespace segments to new one but how? Please guide Thanks, Waheed.