SR520 - CCA support for site-to-site VPN

d.clapham · ‎11-27-2009

Hi, does anyone have any idea when a release of CCA will be available that allows the configuration of sit-to-site VPN connections? CCA Version 2.1(1) allows for monitoring of site-to-site but NOT the creation of the VPN connection??!!!! (I have just downloaded CCA version 2.2 - it has more pretty icons but still no more functionality.)

OR...

Does anyone have any sample configs which incorporate site-to-site vpn connections within a CCA-configured router using zone base firewall and ezvpn server?

Steven DiStefano · ‎11-28-2009

https://supportforums.cisco.com/docs/DOC-9775

multisite manager is available if thats what you want?

tedtucker · ‎02-06-2010

This only works when using two SR520? Correct?

-Ted

Steven DiStefano · ‎02-18-2010

Sorry for the delay Ted, Just saw the thread again.

CCA MSM workes for UC 500's connecting directly to one another (without an SR520 as the firewall router) or with it.

d.clapham · ‎02-19-2010

That's great for UC500's - but what about site-to-site VPN connections between two SR520's (the original post!!)??

tlsarles0 · ‎06-08-2010

Has there been any progress with this? I am trying to configure a site to site VPN on an SR520 as well

Steven DiStefano · ‎06-08-2010

Progress :-)

https://supportforums.cisco.com/docs/DOC-9826

d.clapham · ‎06-08-2010

Great Steve - some pretty pictures with T1 configuration (not used in uk/europe) but still NO site-to-site VPN configuration. I don't see how this helps with this enquiry at all!!

Steven DiStefano · ‎06-08-2010

OK, sorry about that. I could swear I pasted in pictures of it used for multisite.

So I have an SR520-T1 in front of a UC520 and it is built using the CCA multisite manager.

What can I collect for you to help you get what you want.

If I understand, you want to know that the SR520-T1 can be integrated as part of the multisite (router in front of UC500), correct?

Steve

d.clapham · ‎06-08-2010

Hi Steve,

There are no UC500, nor voice devices involved. The installation simply consists of a network of four sites, each with adsl links to the Internet. The sites required linking in a hub-spoke network, using vpn links. I had hoped to offer a simple-to-manage ethernet/ethernet device to act as firewall/router/vpn termination device that the Customer could manage through a GUI interface. The SR-520 looks to fit the bill if the information on cisco.com is to be believed but in reality, I now have routers with an infantile firewall GUI interface and no GUI ability to configure site-to-site vpn connections. I have been able to configure the routers to offer all of the required functionality but only by using CLI (and now if CCA is now run it screws up the CLI!!??!!). This has not offered the Customer - an SMB user (target market??) a simple to manage GUI-based solution. I would have been far better using either 800/1800 series routers for a CLI interface, or ASA5505s for a GUI interface. (or possibly hardware from an alternative manfacturer!) The choice to use the sr-520 was made on available information on cisco.com - live and learn!