Re: Intersite connectivity with UC560

rinchu.raj · ‎07-07-2012

HI,

I am trying to implement intersite connection with two uc560.I am using dyndns for establishing the connection . Here the problem which I am facing is ,

in first site-(Site A) before UC560 the internect connection is shared with sonicwall TZ200 and on other site(Site-B) there is one broadband router.The connection which I had made over the site is , I had taken LAN connection from both devices to the WAN port of UC560 and IP address release over the WAN port is in the same range of sonicwall and broadband router's LAN network. I had configured DDNS account also inside UC560. i am able to ping the dns name from outside world too.but after configuring the multisite establishment prerequesists , I ma not able to communicate both the sites.

Please suggest me a propoer way for doing the multisite communication with Dyndns account.

Alexander Maroukian · ‎07-08-2012

Hello Rinchu,

In the status of the multisite does it shows VPN as up?

In the field of the site you should enter the DNS names not the ip.

Change the ip addresses of the wan port of the UC560 to static and make the UC560 DMZ on the routers in front of the UC.

Also LAN side data vlan of the both UC500 should be different e.g. UC560 site1 - Data vlan - 192.168.10.0, UC560 site2 -data vlan - 192.168.20.0.

You may also change the wan ip netowrk on the both on site 1 - 192.168.1.0, on site b 192.168.2.0.

Best regads,

Alex

rinchu.raj · ‎07-10-2012

Thank u Alex for ur reply...

And if I am establishing VPN tunnel b/w site to site what will be the next step to connecting two UC560 together?

Because on the first discussion i made the network too complecated.

Please suggest me .....

Regards,

Raj

paolo bevilacqua · ‎07-10-2012

Classic site to site ipsec VPN with dynamic addresses on both sides on Cisco IOS is doable, but not easy, it took myself a long time to get it right.

Once you hace configured dynamic dns you will need to use a special dynamic keywork for the peer in crypto map, and use some kind of large netmask for the shared keys.

One alternative could be easy VPN, but if the 'server' side changes address, that might fail miserably too.

So, either get at least one static address, or be ready to spend a lot of time, or hire a truly smart expert for the job.

rinchu.raj · ‎07-10-2012

I am still continuing with DDNS only and I established VPN between two site with sonicwall. Is UC560 will communicate together behind this VPN? .

Alexander Maroukian · ‎07-10-2012

Hello Raj,

If you have connectivity between the two WAN ports of the UC500 over the other VPN then you may try to create multisite VPN when you just enter the WAN address of the other site wan address if it is reachable.

Best regards,

Alex

paolo bevilacqua · ‎07-10-2012

I have seen before that sonicwall VPN doesn't work very good, so you may have problems in doing that.

Anyway if it works, Cisco doesn't need dynamic DNS then.

rinchu.raj · ‎07-23-2012

Hai ,

My attempt for configuring VPN b/w 2 UC's behind Sonicwall got failed and now I established PPPoE connection in UC560 and I am able to share internet connection and more over I can access both UC from outside too. But when I am trying to establish my multisite connection , it gets failed and getting a message of

There is an error in the current multisite configuration. If you would like to try to remove the existing multisite configuration please click the button below. Otherwise, you cannot proceed with using the multisite manager.

A problem was detected in the running configuration that may interfere with a multsite configuration:

A matching NAT ACE is missing for existing crypto ACE

Click Cancel and manually reconcile the configuration, or click Remove Existing Configuration to continue.

Please suggest me to overcome to solve this issue and get VPN estableshed..