we do it with ASAs.. setup normal sslvpn with anyconnect.. then setup a specific user account for the phone.. create a second group-policy for phones, copying the original sslvpn group-policy.. but in this "phone" policy, you'll make sure to tunnel all... finally, under the user attributes for the phone credentials on the ASA, assign the second group-policy..
then you need to go into the spa525g2 and enable sccp, and enable alternate TFTP.. putting in the address of your UC500 so phone can register to it once on vpn..
just enter web address in 525g2 (https://x.x.x.x:1234/ of whatnot), username and password.. slide to vpn enable and it'll try to connect.. then slide to enable on boot up..
don't know if this will help - never messed with anything regarding sslvpn directly with the UC500 myself..