Netgate Discussion Forum

    Cisco 525G2 Handsets connecting via SSL VPN

    • timboau

      Wow - I'm a pfSense convert - loving it!

      I have configured all manner of things and am looking to replace our current router (Cisco UC540) with a pfSense dual WAN setup.

      However, I appear to be stuck when it comes to configuring the SSL VPN (OpenVPN) for the remote handsets we use.

      They are Cisco SPA525G2. In the configuration on the phone you can only enter IP/username/password, and it does the rest and connects up.

      Has anyone had any experience with Cisco handsets connecting directly as OpenVPN clients?

      • cmb

        The Cisco phones' built-in SSL VPN client is Cisco AnyConnect, a Cisco-proprietary solution. Those can only connect to Cisco VPN devices. There are other phones that offer standard, non-proprietary VPN options including OpenVPN, such as Yealink amongst others. Cisco leaves you no option but to have them connect to one of their own boxes unfortunately. Go figure :-\ Cisco is known for such things, pay more for the name, and then pay even more because you have to buy all kinds of other Cisco stuff for it to work.

        • timboau

          Ahh, thanks for the quick reply - that's saved me many hours of work!

          Would it be possible to port forward 443 through the pfSense router to the Cisco box - just thinking out aloud - I really want to remove the Cisco UC540 as the edge device.

          • cmb

            You should be able to port forward that through no problem. There are routing considerations: you'll need a static route pointing the phones' VPN-assigned IP subnet to the device where the VPN is terminated.

            • SIPpyCup

              @cmb:

              The Cisco phones' built-in SSL VPN client is Cisco AnyConnect, a Cisco-proprietary solution. Those can only connect to Cisco VPN devices.

              I bought a 252g2 when an office closed down. I'm planning to use it as SIP like the other Cisco 7960G.

              Ask Ubuntu claims:

              If you don't need the "official" Cisco AnyConnect VPN software, I highly recommend installing the "network-manager-openconnect-gnome" package in the Ubuntu Repository. It uses OpenConnect which is an open source client for AnyConnect. Anyhow, that package allows for you to configure and manage your AnyConnect VPN connections through the normal network manager.

              cite: http://askubuntu.com/questions/154699/how-do-i-install-the-cisco-anyconnect-vpn-client

              Being freshly new to pfSense (10 hours ago for home use) and neither being an Ubuntu guru nor a masochist, I lack the skills/knowledge/experience to evaluate the OpenConnect for AnyConnect claim in this use case. Changing the 7960G firmware to SIP and configuring via TFTP was not as challenging as the numerous poorly written articles I read claimed, so I'm not hopeless (I hope). Ubuntu isn't FreeBSD, but I imagine there is also an analog?

              • jimp Rebel Alliance Developer Netgate

                That note from Ubuntu is about Ubuntu acting as a client to AnyConnect, not a server.

                Still, it's specific to Cisco.

                Get a SNOM or Yealink handset that supports OpenVPN and don't look back :-)

                • SIPpyCup

                  @jimp:

                  That note from ubuntu is about ubuntu acting as a client to anyconnect, not a server.

                  yikes  :o so it is.

                  Get a SNOM or Yealink handset that supports OpenVPN and don't look back :-)

                  ooooh. The Cisco 7960G cost $40 and the 525G2 $95. Pre-owned, obviously. What great pre-owned price might the recommended Yealink or SNOM be? So I'll know if I'm looking at gouge pricing ;)

                  • fizadmin

                    Here are instructions on how to set up OpenConnect as a server:

                    https://wiki.openwrt.org/doc/howto/openconnect-setup

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.