Cisco AnyConnect Secure Mobility Client v2.x Troubleshooting Guide

Contents
Introduction
Requirements
Confirm VPN Phone License on ASA
Export Restricted and Export Unrestricted CUCM
Common Issues on the ASA
Certificates for Use on the ASA
Trustpoint/Certificate for ASA Export and CUCM Import
ASA Presents ECDSA Self-Signed Certificate Instead of Configured RSA Certificate
External Database for Authentication of IP Phone Users
Certificate Hash Matches Between ASA Certificate and VPN Phone Trust List
Check SHA1 Hash
Download IP Phone Configuration File
Decode the Hash
VPN Load-Balancing and IP Phones
CSD and IP Phones
ASA Logs
ASA Debugs
DAP Rules
Inherited Values from DfltGrpPolicy or Other Groups
Supported Encryption Ciphers
Common Issues on the CUCM
VPN Settings Not Applied to IP Phone
Certificate Authentication Method
Host ID Check
Additional Troubleshooting
Logs and Debugs to Use in the ASA
IP Phone Logs
Correlated Issues Between ASA Logs and IP Phone Logs
ASA Logs
Phone Logs
Span to PC Port Feature
IP Phone Configuration Changes While Connected by VPN
Renewal of the ASA SSL Certificate
  
Introduction
  
This document describes how to troubleshoot issues with IP phones that use the Secure Sockets
Layer (SSL) protocol (Cisco AnyConnect Secure Mobility Client) in order to connect to a Cisco
Adaptive Security Appliance (ASA) that is used as a VPN Gateway and in order to connect to a