c. Objectius i activitats per a l’alumnat
4. tancament i agraïments
Purpose:
1. Set up and verify VPN between main site and laptop at home-office.
2. Set up and verify CIPC registers and can call other phones.
Highlights:
• CME 4.0.1 adds support for remote phones – this lab details the procedure to setup a remote phone for Teleworker support along with the required phone parameters. It also gives you a flavor of how easy it is to configure a VPN tunnel with SDM.
Setup:
• For all procedures below, you will work with the central ISR as the HQ and your router as a CME. In other setups, it could be an 870 series router to which an IP phone or laptop with IP Communicator are attached. The connection between CME and remote site has to be a “business class”
DSL/cable link so that some QoS is provided by the service-provider. A minimum of 64k is needed per phone that is connected to the remote-site.
Connect your laptop to the cable directly connected to the switch (labeled
“Remote PC”) and not through a phone switch for this lab. The setup in this lab is done for a VPN client on laptop along with IP Communicator. It can be done with the 870 series terminating the EzVPN connection and phones connected to the 870 series router.
Instructions:
I. Install Cisco IP Communicator on your laptop
Run installer on CiscoIPCommunicatorSetup.exe to install CIPC version 2.0(1a) on your laptop. If you have an older instance of CIPC on your laptop, please uninstall it before installing this new version.
II. Configuring your VPN Client
1. Run installer on vpnclient-win-msi-4.8.01.0300-k9.exe to install Cisco VPN client on your laptop.
2. After software installs, configure your VPN client to access the EZ-VPN server. In the screen below, the “Name” parameter is very important. This should match the group settings on EasyVPN server setup..
For the purposes of this lab, add a new connection with the following parameters:
Host: 1.1.33.111
Group Authentication: Selected Name: remotephone
Password: cisco
Now, connect the yellow cable directly from etherswitch HWIC to your laptop.
You should get an IP address on the 2.2.2.0 network. Disable your wireless connection as it may cause routes to be defaulted to itself.
You’ll connect to the VPN in a later step.
III.
Configure an ephone to be a remote-phone and use G.729 codec Configure the following for each remote phone on your CME Pod router:
On your PC:
Get a command prompt (Start >> run >> cmd) C:\>ipconfig /all
…
<snip>
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . : Intel Gigabit Ethernet Adapter Physical Address. . . : 00-01-6C-3C-78-9E
Dhcp Enabled. . . : Yes IP Address. . . : 2.2.2.101 Subnet Mask . . . : 255.255.255.0 Default Gateway . . . : 2.2.2.2
On your CME Pod, configure the following:
ephone-dn 4
number 1x04 (where x is pod number) name Podx-CIPC
!
ephone 4
mac-address <mac of Ethernet adapter> (from above output – 0001.6c3c.789e ) mtp
codec g729r8 button 1:4
description Teleworker
IV. Configuring your CIPC
Start Cisco IP Communicator and under Preferences >> Network, use the Cisco Systems VPN Client Adapter.
For TFTP Server, use the IP address of your Pod CME. This will register your CIPC with the pod CME and you should be able to use it to make all phone calls.
Now, double-click on the new VPN connection that you created. It should ask you for a username and password – use the following:
Username: podXX ( where xx is your pod number. example: pod1) Password: cisco
This should give you an address on the 3.3.3.0 network.
Make the following test calls and verify the codec used by double-clicking the “?”
button.
1. For calls to another IP phone on the same CME, the codec should be G.729.
2. For calls to CUE, the codec will revert to G.711ulaw because transcoding is not configured and CUE requires G.711 for audio. G.729 would be supported for this call flow if trancoding were enabled.
3. Have another IP phone on the same CME conference in CIPC with another IP phone. Verify that the codec reverts to G.711ulaw because transcoding is not configured and CME 3-part conferencing requires G.711. G.729 would be supported for this call flow if trancoding were enabled.
If you receive two-way audio for all your test calls, your lab setup is fine and complete.
References:
Teleworker Remote Phones URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_configur ation_guide_chapter09186a00805b21ba.html#wp1056386
Transcoding support – URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_configur ation_guide_chapter09186a00805b21bd.html
Configuration:
VPN Setup between hub/HQ and spoke/remote-site
Important Note: You do NOT have to do this step as the central VPN server ISR is already setup for you. Instructions in this step are for reference only.
If you want to enable access to your local SDM, configure an admin account on your CME:
username admin privilege 15 password sdm
Launch SDM GUI by using Internet Explorer and doing an http session to the router.
http://1.1.x.1 username: admin password: sdm
All new routers are pre-loaded with SDM so this would not take any special efforts to install.
If you need to install SDM, download the latest zip file from CCO and put the following files on router flash: common.tar, sdm.tar, home.tar, home.shtml and sdmconfig-<platform>.cfg. You will also need to point to the location for http with “ip http path flash:”.
As soon as you launch a browser session to the ISR, you are taken through two initialization screens and then this SDM GUI. For this to work right, you have to enable popups (at least for the CME router’s URL).
On this GUI, click on “Configure” and then on “Easy VPN Server”. This opens up the following screen:
If AAA is disabled, you need to enable it with the link OR say “Yes” when you hit the “Launch Easy VPN Server Wizard”.
Click on “Next” and then choose the interface that is connected to the WAN side of the network (through which clients/remote-offices connect).
Parameters in the screen above and the following screens can be changed if needed – the defaults work fine for most applications.
In the screen below, the “Name of This Group” parameter is very important. This should match the group settings on VPN Client.
When adding the pool of IP Addresses, use a pool that is not the same network(s) as the device – preferably a separate “VPN” address space. Also put this address space in your routing tables as needed.