Cisco 525G2 Handsets connecting via SSL VPN
-
Wow - I'm a pfSense convert - loving it!
I have configured all manner of things and am looking to replace our current router (Cisco UC540) with a pfSense dual WAN setup.
However, I appear to be stuck when it comes to configuring the SSL VPN (OpenVPN) for the remote handsets we use.
They are Cisco SPA525G2; in the configuration on the phone you can only enter IP/username/password and it does the rest and connects up.
Has anyone had any experience with Cisco handsets connecting directly as OpenVPN clients?
-
The Cisco phones' built-in SSL VPN client is Cisco AnyConnect, a Cisco-proprietary solution. Those can only connect to Cisco VPN devices. There are other phones that offer standard, non-proprietary VPN options including OpenVPN, such as Yealink amongst others. Cisco leaves you no option but to have them connect to one of their own boxes unfortunately. Go figure :-\ Cisco is known for such things, pay more for the name, and then pay even more because you have to buy all kinds of other Cisco stuff for it to work.
-
Ahh, thanks for the quick reply - that's saved me many hours of work!
Would it be possible to port forward 443 through the pfSense router to the Cisco box - just thinking out aloud - I really want to remove the Cisco UC540 as the edge device.
-
You should be able to port forward that through no problem. There are routing considerations: you'll need a static route pointing the phones' VPN-assigned IP subnet to the device where the VPN is terminated.
-
@cmb:
The Cisco phones' built-in SSL VPN client is Cisco AnyConnect, a Cisco-proprietary solution. Those can only connect to Cisco VPN devices.
I bought a 252g2 when an office closed down. I'm planning to use it as SIP like the other Cisco 7960G.
Ask Ubuntu claims:
If you don't need the "official" Cisco AnyConnect VPN software, I highly recommend installing the "network-manager-openconnect-gnome" package in the Ubuntu Repository. It uses OpenConnect which is an open source client for AnyConnect. Anyhow, that package allows for you to configure and manage your AnyConnect VPN connections through the normal network manager.
cite: http://askubuntu.com/questions/154699/how-do-i-install-the-cisco-anyconnect-vpn-client
Being freshly new to pfSense (10 hours ago for home use) and neither being an Ubuntu guru nor a masochist, I lack the skills/knowledge/experience to evaluate the OpenConnect for AnyConnect claim in this use case. Changing the 7960G firmware to SIP and configuring via TFTP was not as challenging as the numerous poorly written articles I read claimed, so I'm not hopeless (I hope). Ubuntu isn't FreeBSD but I imagine there is also an analog?
-
That note from ubuntu is about ubuntu acting as a client to anyconnect, not a server.
Still, it's specific to Cisco.
Get a SNOM or Yealink handset that supports OpenVPN and don't look back :-)
-
That note from ubuntu is about ubuntu acting as a client to anyconnect, not a server.
yikes :o so it is.
Get a SNOM or Yealink handset that supports OpenVPN and don't look back :-)
ooooh. the Cisco 7960G cost $40 and the 525G2 $95. pre-owned obviously. what great pre-owned price might the recommended Yealink or SNOM be? so I'll know if I'm looking at gouge pricing ;)
-
Here's instructions on how to set up OpenConnect as a server:
https://wiki.openwrt.org/doc/howto/openconnect-setup