Showing results for 
Search instead for 
Did you mean: 

4-site multisite configuration



I have read two good documents on multi-siteing the UC5xx.

But they seem omit two important details.

1.  My edge device/firewall is a Watchguard firewall (not my choice!).  Should the vpn tunnels between the site terminate on the UC boxes or the Watchguard firewalls.

2. I know the data vlan subnet has to be unique at each site, but does the vlan ID have to be different?

3. Can the voice vlan subnet and vlan ID be the same at each site?  I have seen no mention in the two documents that states they must be unique, so I am assuming they can be the same.

4. Any other ideas are welcome!

Thank you.


3 Replies 3

David Trad
Rising star
Rising star

Hi Clifford,

1. VPN Needs to terminate on the UC so have the watch guard forward the ports to the UC

2. No VLAD ID can be the same, so long as the subnets are different

3. VLAN ID yes, subnets? No... They must be different, CCA Multi-Site-Manager will take care of all this anyway, it is nit something you have to think about too hard, but they must be different for routing purposes of both calls and data.

4. Yes.... Please make sure to use CCA to built the Multi-Site configuration for all the systems, CCA does it for you in seconds, where doing it by hand (CLI) can take hours if any form of complex call routing is required.



Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *


In CCA 3.2, which is available now, you can do Multisite without requiring the VPN terminate on the UC.  When setting up the remote site, you can choose the Intersite Option to 'Dialing Only'.  That way, the VPN can be between the Watchguard firewalls if you want.



Hi David,

I am working on this project in conjunction with another I.T. company.

The other I.T. Company is in charge of the existing 'computer data' network.

I will be in charge of designing and creating the 'voice' network

The Other I.T. Company demands that the existing 'computer data' network exist on its own physical network, separate from the future 'voice' network.

The Other I.T. Company will support this demand by providing a second LAN interface on their Watchguard (ouch) firewalls that will connect to the WAN interfaces of the UC 5xx boxes.

Side Note: Of course the Other I.T. Company will have to provide at least a /30 subnet between the second LAN interface of the Watchguards and the WAN interfaces of the UC5xxes. These subnets are in addition to the "UC5xx DATA" subnet ip's.

Since the existing 'data network', does and will continue to support the pc's, servers, printers, etc, "technically" I will not need a "UC5xx DATA" subnet for my UC5xx.

But I am thinking that I actually DO NEED a 'UC5 xx DATA' subnet for my UC5xx boxes, so I can route voice and other UC-required data between them.  <--Please confirm this.

Also,  the LAN ports on the UC5xx boxes will terminate to a PoE switch that supports the VOIP phones and the voice subnet.  i think that this will also  provide 'physical' termination for the 'UC5 xx DATA' interface to bring the DATA subnet interface UP UP (admin UP line Up) <--Please confirm this.

Thank you!

Thank you!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: