We are setting up a new UC560 system with a SF300-24P switch. Our regular network is on 192.168.224.xxx / 255.255.248.0 and we manage our internet connection through a Microsoft TMG server.
We changed the IP address of the UC560 to 192.168.230.15 so it would integrate with our network and disbled DHCP on the data VLAN (our domain controller has DHCP enabled). Now we cannot communicate with the CUE anymore, since there is no route to the CUE interface.
Our default gateway is 192.168.230.3 (TMG) and if I change the gateway to 192.168.230.15, we can connect to the CUE again, since the UC560 has a static route to the CUE subnet. I tried addind a static route to TMG so that 10.1.10.x routes to 192.168.230.15, but it's still a no-go.
Generally speaking, that is the right configuration. You need to point the route to another interface on the same network that does have a route to CUE, in this case you set your default gateway .3 to route 10.1.10.x requests to .15. There should also be a route back to the 192.168 network from CUE, which also seems to be the case since you can communicate when your default gateway is .15. How is the data vlan configured on the UC? Do you have the same subnet, /21, as you actually use on the network? If not, then the UC is not aware that the subnet is larger than a /24, and it doesn't know how to route back. What are the route statements you have on the UC? Is the network integrated through the WAN port of the UC?
You can always try pulling the access-list off of CUE temporairly to see if that is causing the traffic to get blocked. You can also do a traceroute to see where the traffic is being routed to and what the last hop is before failing. Finally, you can also add a route manually in Windows by doing the following: route add 10.1.10.0 mask 255.255.255.252 192.168.30.15
Hope this helps. Let me know if you have questions regarding this.
Ah, thank you for putting me on the right track. I had to put the 10.1.10.x range in my "Internal" network in TMG. Now TMG will route properly to the CUE subnet.
So, ould that be a "best practice" installation? We basically left all the default VLANs on the UC560 and the SF300 and let the "auto-voice-VLAN" feature do its thing. We only changed the subnet of the data VLAN and disabled DHCP on it.
This is a pretty common scenario when a customer has an existing network that thet to integrate the UC into. So best practice would be to modify vlan 1 to match your existing data vlan, connect the UC to the lan via a switchport and not the WAN port, disable the UC's DHCP on the data vlan, add a static default route on the UC so it can connect to the internet(mainly if using SIP), and add routes on your existing default gateway to CUE and the voice vlan.