02-23-2012 09:53 AM - edited 03-21-2019 05:24 AM
We want to route calls between 2 systems on a local LAN. Each system will have its own subnets and VLANs through a port on an ASA5510.
Currently the multi-site wizard wants to create a VPN for this connection through the WAN port, but as we use an ASA we don't use the WAN port, firewall, or VPN on the UC520.
How can this be done?
Edge - ASA
UC520 and (3) CE520 switches connected together on uplink ports
1 connection (lan) from UC520 to ASA
Thanks
02-24-2012 11:47 AM
Could you do something like this, especially if you have two VLANs?
I would plug the WAN port of each UC into the ASA and give them static IPs, say:
ASA : 192.168.10.254 (internal IP)
UC5XX - 1 : 192.168.10.10 (WAN PORT)
UC5XX - 2 : 192.168.10.15 (WAN PORT)
Then on the LAN side of UC5XX -1, use for example 192.168.15.0/24
And on UC5XX - 2, use 192.168.20.0/24
That way, you should be able to make a tunnel between the two UC5XX even though they don't have public IPs...
I am not sure though that this will answer all your needs.
But anyway, it's an idea!
02-24-2012 12:41 PM
I had thought of that, but there are servers and other devices that would be outside the WAN tunnel that need local access to the PCs that are behind the WAN interface on each system.
I need it to behave like there is no wan/firewall at all.
02-24-2012 01:38 PM
Just to be sure, you mean this :
02-24-2012 03:41 PM
This is actually what I had in mind. I currently have it all done by vpn with a single UC5XX at Site 1 and single phones at the remote site. We are using data vlans at the remote site so we do get problems with the phones but it works most of the time.
Now we want to route the calls across the private link, but if we move the connections to WAN the VPN users won't be able to get access to the networks behind the UC5XX. Users at all sites need to be able to remote desktop into the servers at Site 1.
I was able to make it work by turning off NAT and the firewall, connecting the LAN port to the ASA, and then setting up the VPNs.
02-27-2012 06:15 AM
Please correct me if I'm wrong, but I believe you will need to split the point-to-point private Ethernet at both ends with a switch and hook up one connection to the ASA and another to the UC, on both ends. Also, another thing you might want to consider is not using the UC as a router (meaning your computers/servers will be behind the ASA instead of the UC); that way you don't have to worry about dealing with the traffic going inside your network on two separate routers (ASA and UC).
02-27-2012 04:06 PM
Hi Johnny,
In CCA version 3.2, you can set up Site-to-Site dialing without it being tied to the VPN. When adding Sites in Multisite Manager, you can choose 'Dialing Only' under Intersite Options. I believe this will accomplish what you're wanting to do.
Thanks,
Brandon
02-27-2012 06:55 AM
I thought of another setup during the weekend, maybe it would work for you?
Consider the following
Basically, everything is plugged in lan ports :
-Switch to ASA 5510 -> Lan port in UC to Lan Port 1 in ASA
-UC5XX-1 to ASA -> LAN Port 1 in UC to Lan Port 2 in ASA
-UC5XX-2 to ASA -> LAN Port 1 in UC to Lan Port 3 in ASA
Now, to link both UC, you assign each of them a static IP on their WAN side, in the same subnet. You link each of them together, and then build a Voice Only tunnel between them.
Could this work for you?
03-05-2012 08:08 AM
Thanks for all the answers. I will be working to try this out soon and I believe there are two best ways to go:
1. Hook the private Ethernet to a unique interface and route traffic for the remote private site across it with no other changes to the current network (UC520, no firewall/NAT, all switches and PCs are behind the UC5XX, UC5XX sends all traffic to the ASA).
2. Leave it hooked up as normal, connect the site-to-site Ethernet to the WAN port on each UC5XX, and set up the site-to-site. My only concern is that, as this is the WAN port, CCA will arrange the config to force all traffic across it.
I will update once I have tried it.