I am currently replanning the network topology at work. We currently have an ASA5500, a UC520 w/ CE520 24pt, and a cisco AP, i don't recall the model.
we have 2 seperate physical networks for voice and data from the location to the voice/data patch panels. the Data panel patches down into the CE520, while 6 hot ports from the voice panel patch into the UC520 w/ 4 PTSN lines. the WAN patches into the ASA5500 which then downlinks to a port on the CE520. the CE520 and the UC520 are linked between the expansion port on the UC520 and the GBit1 port on the CE520. we have 4 PSTN ports filled and will be using at least 1 of the DID lines when the system rolls live. the telephone system operates inbound and outbound as it should as far as i can tell. All of our wifi IP phones are connected. our 4 test lines function how they are setup and ring the proper extensions at the proper times. you can make calls out without issue as well.
the UC520 has a cisco firewall and VPN support. do we really need the ASA, or can we pull that from the topology and utilize it at one of the remote VPN locations? i'm new to cisco from an administrative stand point and have a beginning to moderate understanding of routing. as it sits i cannot access the UC from the VPN, though i can access it from the aforementioned workstation beautifully. i can see our cisco AP, which is plugged into the CE520, and i can see the network room wifi IP phone. however i cannot access the UC on the VLAN100. i am pretty sure a routing table modification in the right place would make it all work, and probably let me browse the internet while connected to the vpn with the cisco vpn client as well, but is the ASA really necessary? From what i am reading, the UC520 does everything you need a gateway/firewall to do, including the needed VPN support. what would be the downside of removing the ASA from the network and configuring the UC to run VoIP, VPN and the firewall? I assume that could only make things easier when trying to deploy IP phones across a VPN as well..