04-24-2013 04:31 AM - edited 03-21-2019 07:16 AM
good morning all,
i recently installed a UC560 for a client on a local site using Cisco Configuration Assistant. Version: 3.2 (2)
system details:
UC560
running latest revision 8.6.1
all inbound/outbound calls via siptrunk
system is all working as desired
the client now wishes to move the UC560 to there datacentre for resilience purposes; having read the latest CCA 3.2 admin guide (page 461)
the deployment assumes the use of a UC560 at each site and the creation of a full-mesh VPN between sites to achieve this; the customer does not want to purchase additional UC500 units
within the datacentre they also have a private link back to the siptrunk service provider so my thinking is as follows
1.create a new local dhcp pool on the switch in the HQ for the phones in a new subnet and set the option 150 to point to the UC560 in the DC
ip dhcp pool phone
network 10.1.24.0 255.255.255.0
default-router 10.1.24.1
option 150 ip 10.1.25.1
!
int vlan 25
description ***VOICE VLAN
ip address 10.1.24.1 255.255.255.0
!
2. create a L2L VPN between the HQ ASA and the ASA in the DC
HQ VOICE Subnet <----10.1.24.0/24 --> <---ASA FIREWALL ---> <---L2L VPN ----> <---ASA IN DC ----> <----10.1.25.0/24----> DC UC560 Voice subnet
3. create a route on the UC560 back to the 10.1.24.0/24 subnet via the ASA in the DC
4. configure the WAN IP on the UC560 with an IP from the allocated range issued on the private link back to the siptrunk provider
the phones will then get an address from the locally defined voice subnet in the HQ in this example 10.1.24.0/24 the option 150 is then set to 10.1.25.1 which is the IP of the UC560 in the DC. as the VPN is in place between the sites via the ASA firewalls traffic to and from the UC560 can flow and calls can go in/out via the WAN interface with connects directly to the siptrunk service provider
the reason for coming up with this work around is that i cant see how you can use multisite manager to just create a VPN between the WAN side of the UC560 and another ASA/VPN router it only mentions setup to another UC560, nor does the deployment guide suggestion any other alternatives
as this configuration has been done using CCA and i do not want to mess it up by amending it via the CLI
there are a few more remote locations with single users so my idea here is to use the Phone VPN setup wizard and use SPA525G2 handsets with the built in SSL VPN client; these phones will then connect to the WAN side on the UC560
does anyone have any other sugesstions/alternatives or input towards this and most importantly will what i am suggesting work
thanks in advance for taking the time to read though this.
04-24-2013 02:37 PM
Hello Matthew,
You will need to add the route to and from the CUE (TFTP source) subnet - 10.1.10.0 255.255.255.252 or whatever it is.
Otherwise everything seems ok.
Best regards,
Alex
04-25-2013 01:41 AM
arh yes of course otherwise voicemail etc would not work.
i might have found an easier solution as the client is running a VLPS network between the sites im thinking the easier option than having to create VPN's is to just span the voice VLAN between sites via the VLPS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide