Showing results for 
Search instead for 
Did you mean: 

UC560 Multisite setup question

good morning all,

i recently installed a UC560 for a client on a local site using Cisco Configuration Assistant. Version: 3.2 (2)

system details:


running latest revision 8.6.1

all inbound/outbound calls via siptrunk

system is all working as desired

the client now wishes to move the UC560 to there datacentre for resilience purposes; having read the latest CCA 3.2 admin guide (page 461)

the deployment assumes the use of a UC560 at each site and the creation of a full-mesh VPN between sites to achieve this; the customer does not want to purchase additional UC500 units

within the datacentre they also have a private link back to the siptrunk service provider so my thinking is as follows

1.create a new local dhcp pool on the switch in the HQ for the phones in a new subnet and set the option 150 to point to the UC560 in the DC


ip dhcp pool phone



option 150 ip


int vlan 25

description ***VOICE VLAN

ip address


2. create a L2L VPN between the HQ ASA and the ASA in the DC

HQ VOICE Subnet <---- -->                     <---ASA FIREWALL --->            <---L2L VPN ---->           <---ASA IN DC ---->           <---->  DC UC560 Voice subnet

3. create a route on the UC560 back to the subnet via the ASA in the DC

4. configure the WAN IP on the UC560 with an IP from the allocated range issued on the private link back to the siptrunk provider

the phones will then get an address from the locally defined voice subnet in the HQ in this example the option 150 is then set to which is the IP of the UC560 in the DC. as the VPN is in place between the sites via the ASA firewalls traffic to and from the UC560 can flow and calls can go in/out via the WAN interface with connects directly to the siptrunk service provider

the reason for coming up with this work around is that i cant see how you can use multisite manager to just create a VPN between the WAN side of the UC560 and another ASA/VPN router it only mentions setup to another UC560, nor does the deployment guide suggestion any other alternatives

as this configuration has been done using CCA and i do not want to mess it up by amending it via the CLI

there are a few more remote locations with single users so my idea here is to use the Phone VPN setup wizard and use SPA525G2 handsets with the built in SSL VPN client; these phones will then connect to the WAN side on the UC560

does anyone have any other sugesstions/alternatives or input towards this and most importantly will what i am suggesting work

thanks in advance for taking the time to read though this.

2 Replies 2

Hello Matthew,

You will need to add the route to and from the CUE (TFTP source) subnet - or whatever it is.

Otherwise everything seems ok.

Best regards,


arh yes of course otherwise voicemail etc would not work.

i might have found an easier solution as the client is running a VLPS network between the sites im thinking the easier option than having to create VPN's is to just span the voice VLAN between sites via the VLPS