SSL VPN on 525G with SA520

yogi · ‎06-29-2010

So how do you get teh SSL VPN on a 525G to work when there is an SA520 in front of the UC540?

Alberto Montilla · ‎06-30-2010

Dear Sir;

VPN should go directly to the UC540. Not sure whether you are asking this or the specific instructions on the SA500 settings.

Regards;
Alberto

yogi · ‎06-30-2010

Thanks for the response Alberto. I know the VPN needs to terminate at the UC, but I have to pass it

through the SA. But the UC would seem to require a public IP address on the WAN in order for the wizard

to configure the phone. As you run the wizard it lists the remote IP address that the phone needs to connect to, which is the WAN address. If this is a non-routable address, how is this going to work? The wizard does not allow you to change the IP address.

colbyh · ‎02-14-2011

We struggled with this same issue. We had a client with an SA520 single static WAN IP address in front of the UC540 with SSL being used for email traffic forwarding to the mail server. As you have experienced you can't pass SSL VPN traffic to the SA and the UC540. Setup and configure the SSL traffic on the WAN port for your remote client for VPN configuration. Configure the second WAN port with another static IP on the SA. Create a firewall rule on the SA520 to forward SSL traffic to the UC540. Essentially WAN interface one is handling remote VPN the secondary WAN interface is handling the VPN configuration needed for remote SPA525G connectivity.