SSL VPN on 525G with SA520

Level 1

So how do you get the SSL VPN on a 525G to work when there is an SA520 in front of the UC540?

3 Replies

Alberto Montilla
Cisco Employee

Dear Sir;

VPN should go directly to the UC540. Not sure whether you are asking this or the specific instructions on the SA500 settings.


Thanks for the response, Alberto. I know the VPN needs to terminate at the UC, but I have to pass it through the SA. But the UC would seem to require a public IP address on the WAN in order for the wizard to configure the phone. As you run the wizard it lists the remote IP address that the phone needs to connect to, which is the WAN address. If this is a non-routable address, how is this going to work? The wizard does not allow you to change the IP address.

We struggled with this same issue. We had a client with an SA520 with a single static WAN IP address in front of the UC540, with SSL being used for email traffic forwarding to the mail server. As you have experienced, you can't pass SSL VPN traffic to the SA and the UC540. Set up and configure the SSL traffic on the WAN port for your remote client for VPN configuration. Configure the second WAN port with another static IP on the SA. Create a firewall rule on the SA520 to forward SSL traffic to the UC540. Essentially, WAN interface one is handling remote VPN, and the secondary WAN interface is handling the VPN configuration needed for remote SPA525G connectivity.