
How to multi-site UC5XX with (no wan/vpn) as local to local

eoncablewire
Level 3

We want to route calls between 2 systems on a local LAN. Each system will have their own subnets and VLANs through a port on an ASA5510.

Currently the multi-site wizard wants to create a VPN for this connection through the WAN port, but as we use an ASA we don't use the WAN port, firewall, or VPN on the UC520.

How can this be done?

Edge - ASA

UC520 and (3) CE520 switches connected together on uplink ports

1 connection (lan) from UC520 to ASA

Thanks

8 Replies

mdube
Level 1

Could you do something like this, especially if you have two VLANs?

I would plug the WAN port of each UC into the ASA and give them static IPs, say:

ASA : 192.168.10.254 (internal IP)

UC5XX - 1 : 192.168.10.10 (WAN PORT)

UC5XX - 2 : 192.168.10.15 (WAN PORT)

Then on the LAN side of UC5XX -1, use for example 192.168.15.0/24

And on UC5XX - 2,  use 192.168.20.0/24

That way, you should be able to make a tunnel between the two UC5XX even though they don't have Public IPs...

I am not sure though that this will answer all your needs.

But anyway, it's an idea!

I had thought of that, but there are servers and other devices that would be outside the WAN tunnel that need local access to the PCs that are behind the WAN interface on each system.

I need it to behave like there is no WAN/firewall at all.

Just to be sure, you mean this:

This is actually what I had in mind. I currently have it all done by VPN with a single UC5XX at Site 1 and single phones at the remote site. We are using data VLANs at the remote site so we do get problems with the phones but it works most of the time.

Now we want to route the calls across the private link, but if we move the connections to WAN the VPN users won't be able to get access to the networks behind the UC5XX. Users at all sites need to be able to remote desktop into the servers at Site 1.

I was able to make it work by turning off NAT and the firewall, connecting the LAN port to the ASA, and then setting up the VPNs.

Please correct me if I'm wrong, but I believe you will need to split the point-to-point private Ethernet at both ends with a switch and hook up one connection to the ASA and another to the UC, on both ends. Also, another thing you might want to consider is not using the UC as a router (meaning your computers/servers will be behind the ASA instead of the UC); that way you don't have to worry about dealing with the traffic going inside your network on two separate routers (ASA and UC).

Hi Johnny,

In CCA version 3.2, you can set up Site-to-Site dialing without it being tied to the VPN. When adding Sites in Multisite Manager, you can choose 'Dialing Only' under Intersite Options. I believe this will accomplish what you're wanting to do.

Thanks,

Brandon

mdube
Level 1

I thought of another setup during the weekend, maybe it would work for you?

Consider the following

Basically, everything is plugged into LAN ports:

- Switch to ASA 5510 -> LAN port in UC to LAN Port 1 in ASA

- UC5XX-1 to ASA -> LAN Port 1 in UC to LAN Port 2 in ASA

- UC5XX-2 to ASA -> LAN Port 1 in UC to LAN Port 3 in ASA

Now, to link both UCs, you assign each of them a static IP on their WAN side, in the same subnet. You link them together, and then build a Voice Only tunnel between them.

Could this work for you?

Thanks for all the answers. I will be working to try this out soon and I believe there are two best ways to go:

1. Hook the private Ethernet to a unique interface and route traffic for the remote private site across it with no other changes to the current network (UC520, no firewall/NAT, all switches and PCs are behind the UC5XX, UC5XX sends all traffic to the ASA).

2. Leave it hooked up as normal and connect the site-to-site Ethernet to the WAN port on each UC5XX and set up the site to site. My only concern is that, as this is the WAN port, CCA will arrange the config to force all traffic across it.

I will update once I have tried it.