
VPN Problem with UC560 and SRP541W

AquaLabs2010
Level 1

Good morning,

Let me explain the problem I have, for which I am not able to find a solution.

In the central office I have a UC560. We want to connect some SPA504 and 7962 phones from a remote office directly to the UC560; we want the remote office to be part of the central office. I understand that we must use a Site to Site VPN.


For the Site to Site VPN we installed an SRP541W in the remote office. I understand that this device is right for this.

Well, the problem is that once the SRP541W was installed and configured for the Site to Site VPN, the SRP541W indicates that the VLAN Data is connected, but the rest of the VLANs and the phones are not connected.

I've done a thousand tests with IPSec policies and ACLs but I cannot find the solution.

Does anyone know or can tell me where I am failing or how I must configure it?

Data and settings that I configured:

UC560

WAN Address              xxx.xxx.xxx.1

VLAN DATA (1)            10.14.100.1/24

VLAN VOICE (100)       10.1.20.1/24

VLAN CUE (90)            10.1.10.2/30

SRP541W

WAN Address              xxx.xxx.xxx.2

VLAN DATA (1)            10.24.10.1/24         DHCP Data        10.24.10.0/24

VLAN VOICE (100)       10.24.20.1/24         DHCP Voice       10.24.20.0/24       Manual TFTP    10.1.10.2

UC560 Site to Site

SITE1

WAN Address                                  xxx.xxx.xxx.1

UC500 Data VLAN IP Address           10.14.100.1/24

VPN Only

SITE2

WAN Address                                  xxx.xxx.xxx.2

UC500 Data VLAN IP Address           10.24.10.1/24

VPN Only

SRP541W

IPSec Policy

Policy DATA

Remote Endpoint           xxx.xxx.xxx.1

Local IP Group              10.24.10.0/24

Remote IP Group           10.14.100.0/24

Policy VOICE

Remote Endpoint           xxx.xxx.xxx.1

Local IP Group              10.24.20.0/24

Remote IP Group           10.1.20.0/24

Policy CUE

Remote Endpoint           xxx.xxx.xxx.1

Local IP Group              10.24.20.0/24

Remote IP Group           10.1.10.0/30

 

Policy DATA status is connected, the others are not connected.

Thank you very much for all your help

Best Regards

Miguel

3 Replies

bkwon
Cisco Employee

At first glance, you had better consolidate voice and CUE into one policy.

Policy VOICE

Remote Endpoint           xxx.xxx.xxx.1

Local IP Group              10.24.20.0/24

Remote IP Group           10.1.20.0/24

Policy CUE

Remote Endpoint           xxx.xxx.xxx.1

Local IP Group              10.24.20.0/24

Remote IP Group           10.1.10.0/30

Change to:

Policy voice/CUE

Remote Endpoint           xxx.xxx.xxx.1

Local IP Group              10.24.20.0/24

Remote IP Group           10.1.0.0/16

Please let me know the result.

Dear Bongsu,

Thanks for your help. Same result: the second policy doesn't connect, only the first policy (Policy DATA) connects. I tried to put this policy in first place, but in this case the VPN doesn't come up.

Regards

You have to consolidate the UC560 side as well; both sides should match for SA exchange.

crypto map multisite 1 YYY

match address XXX

access-list XXX permit ip 10.1.0.0 0.0.255.255 10.24.20.0 0.0.0.255

Also, the IP NAT ACL should be adjusted like...

access-list 105 deny   ip 10.1.0.0 0.0.255.255 10.24.20.0 0.0.0.255
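
The matching requirement from the last reply, as an added example that is not part of the thread and not Cisco tooling: a small Python check that each SRP541W policy (Local IP Group, Remote IP Group) has a mirrored entry in the UC560 crypto ACL and is covered by a NAT-exemption `deny` line. Treating "matched" as an exact mirror of the subnets, the function names, and the `SPLIT`/`CONSOLIDATED` labels are assumptions of this example; the addresses and the `XXX` placeholder come from the posts above.

```python
import ipaddress

def acl_net(addr, wildcard):
    """Turn an IOS 'address wildcard' pair into an ip_network (rejects host bits)."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inverted)}")

def parse_acl(line, action):
    """Parse 'access-list ID <action> ip SRC SRCWC DST DSTWC' into (src, dst)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != [action, "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return acl_net(tok[4], tok[5]), acl_net(tok[6], tok[7])

def check_policies(spoke_policies, crypto_acl, nat_acl):
    """For each spoke policy, report whether the hub has the exact mirrored
    crypto ACL entry and a NAT-exemption (deny) entry covering the same traffic."""
    crypto = {parse_acl(l, "permit") for l in crypto_acl}
    nat = [parse_acl(l, "deny") for l in nat_acl]
    report = {}
    for name, (local, remote) in spoke_policies.items():
        # Seen from the hub, the spoke's remote group is the source and its local group the destination.
        hub_src, hub_dst = ipaddress.ip_network(remote), ipaddress.ip_network(local)
        report[name] = {
            "selectors_mirrored": (hub_src, hub_dst) in crypto,
            "nat_exempt": any(hub_src.subnet_of(s) and hub_dst.subnet_of(d) for s, d in nat),
        }
    return report

# Hub (UC560) lines from the reply above; "XXX" is the thread's own placeholder ID.
HUB_CRYPTO_ACL = ["access-list XXX permit ip 10.1.0.0 0.0.255.255 10.24.20.0 0.0.0.255"]
HUB_NAT_ACL = ["access-list 105 deny ip 10.1.0.0 0.0.255.255 10.24.20.0 0.0.0.255"]

# Spoke (SRP541W) policies as (Local IP Group, Remote IP Group), from the posts above.
SPLIT = {"VOICE": ("10.24.20.0/24", "10.1.20.0/24"),
         "CUE": ("10.24.20.0/24", "10.1.10.0/30")}
CONSOLIDATED = {"VOICE_CUE": ("10.24.20.0/24", "10.1.0.0/16")}

if __name__ == "__main__":
    for label, policies in (("split", SPLIT), ("consolidated", CONSOLIDATED)):
        for name, status in check_policies(policies, HUB_CRYPTO_ACL, HUB_NAT_ACL).items():
            print(label, name, status)
```

An address with a missing octet, such as `10.1.0`, makes `parse_acl` raise `ValueError` instead of being silently accepted.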