Showing results for 
Search instead for 
Did you mean: 



Updated with CCA 3.0.1


The SPA525G phone can be established as a Remote Teleworker phone behind any router with a public internet connection.  CCA 2.2.2 introduced the wizard to make this easier to deploy.  This technical enablement lab walks you through it.  You must configure the SPA525G at the serving UC 500 before you send it to the remote location.  Once you are configured and the phone is deployed, you can continue to administer it using CCA at the local serving UC500.


We have posted a question with Cisco Netherlands but.. I might as well post it here as well. We see a lot of customers who implement the UC500 as a device in the netwerk instead of the central WAN/LAN routing device. This means that the UC500 is connected to the network via FA0/1/8 "Expansion" port. Is it possible to provide a solution so that UC500, which is only configured with an internal IP, to work with AnyConnect SSL? Ofcourse the firewall/router will forward port 443 to the UC500 internal IP.


To comment on myself: It is indeed possible to configure the scenario I posted, we got it working. Although CCA sadly does not allow the configuration.

Community Member

Bryan, how did you get this working?  We are tying to do the same, with a UC540 with only an internal IP, no WAN connection on the UC540 and an ASA5505 as the edge firewall.  If you have any pointers, I'd appreciate it.  Thanks.



You can configure this via CCA by entering the internal IP address. You need to forward port 500, 4500 and 10000 on the ASA5505 to the internal UC540 IP. Our UC540 is connected via the 'expansion' port. I think the newer CCA will not complain that you do not have a static IP on the WAN interface.

I have a CLI configuration if you are experienced using CLI.


Hi Bryan

can you please share the CLI configuration on this scenario

Thanks for your help




I followed the instructions, and when I place the phone outside the network it connects to its new network, it gets an IP, it establishes the VPN tunnel, but then it gets stuck trying to download the XML file, it cycles between the default and its file indefinitely.  I am currently testing with the outside network on 192.168.0.x and the UC520 using as its public IP.  The internal network for the UC520 data is 192.168.10.x and for telephony is the normal default of 10.1.1.x

What am I missing?