I have managed to configure a remote site connection to a UC500 via a Cisco SRP and a SA500.
I the process of setting it all up I did search arround for any documents but they all had the remote end point using a Cisco SR (800).
So as this might help other people I will post what I have done.
*This is probally not the best way, or the most secure way. But this is the best way I have discovered with the restrictions that I had inplace.
So first off you will start with the basic UC500 local deployment, for the data VLAN I am using "10.0.0.0/24" and for voice I am using "10.1.1.0/24"
Rather then having the UC500 as the router/firewall our customer already had a Cisco SA500 and wanted to continue using that device as the main router for VPN and NAT etc... so this is plugged into the an ESW on the Data VLAN.
UC560 DATA - 10.0.0.253 /24
UC560 VOICE - 10.1.1.1 /24
SA500 - 10.0.0.254 /24
SRP DATA - 192.168.15.1 /24
SRP VOICE - 192.168.100.1 /24
So now we create a route on the Cisco SA to the voice network via the UC560
10.1.1.0 255.255.255.0 10.0.0.253 (LAN Interface)
Check connectivity by pinging the UC Voice interface (10.1.1.1) via the SA's web interface
You can now create a IKE Policy between the Cisco SA and a remote SRP
Create an IPSec Policy to encapsulate the Data VLAN on the UC to the Data VLAN on the SRP
Create a 2nd IPSec Policy to encapsulate the Voice VLAN on the UC to the Voice VLAN on the SRP
Create the VPN and IPSec Policys on the remote SRP and check the VPN is connected.
These two IPSec Policys should be attached to the same IKE policy for the Remote site
You will now need to create a route on the UC for the VPN network
Router(config)# ip route 192.168.15.0 255.255.255.0 10.0.0.254
Router(config)# ip route 192.168.100.0 255.255.255.0 10.0.0.254
From the Cisco UC you should be able to ping the SRP over the VPN
Now when you plug in a IP Phone is should stuck in the "Downloading Config.xml.cnf" screen while it attempts to connect to the UC and download the its config file. First off all you will need to edit the DHCP scope on the SRP for the Voice VLan and add the IP address for the UC Voice Vlan to the TFTP options. Now the Phone can connect to the UC560 over the VPN to TFTP the config file and firmware, but for some reason the TFTP retuning traffice gets lost as the UC sees it comming in on VLAN100 so you need to add a TFTP Soruce-Interface comand.
Router(config)#ip tftp source-interface vlan100
I have tested this on the local site and it doesn’t seem to effect the local phones on VLAN100
The Phone should now register and you should be able to make calls.
If I had made any mistakes or have left something completly open, please let me know.
QuestionDear All,I'm currently looking for firmware version 220.127.116.11 for Linksys SPA400 Analog Telephony Gateway. Unfortunately, my device was bricked and I was able to recover it using a recovery tool and recovery firmware version 18.104.22.168 but can't find v...
Change in ASD Automatic Software Download Feature
Dec 13th, 2019
Cisco RV160, 260, 340, and 345 Series Routers
Due to an API change in Cisco’s software download platform the Automatic Download Feature (ASD) on RV series routers will be temporarily ...
SFP Module Support List for RV160x and RV260x Devices
Small form-factor pluggable (SFP) ports are included on the RV160 and 260 routers to allow the use of optical SFP transceiver modules. SFP’s convert the optical signals to electrical signals. SFP’s al...
Welcome and thanks for visiting the Small Business Community Newsletter. This is our first of what we will make a monthly newsletter where you will be provided information on New products and trends, What’s ...