Multi-site without WAN Interface

Unanswered Question


I have a client interested in the UC systems, and I see the multi-site docs talk about using the WAN interface of the UC's. I would like to get information on the setup of two UC540's (25 user, 15users) over a WAN where it is connected to other gear.

I hope this is possible, if so what functionality and features do I loose in htis config?

Are there any tech docs on this type of setup?

Thanks in advance,

Bob James

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcos Hernandez Mon, 02/22/2010 - 19:13
User Badges:
  • Blue, 1500 points or more

Got it. Not possible, unless you do a VPN between the two WAN routers, but I am sure you knew that. It is not a Cisco limitation, it is just the way Layer 3 VPN's work. You could change one of the LAN ports to a routed port, effectively making it a secondary WAN connection, but this is exactly the same as if you connected the UC500 WAN port to the LAN side of your WAN router.

Marcos Hernandez Mon, 02/22/2010 - 19:30
User Badges:
  • Blue, 1500 points or more

OK, with a VPN between the two routers, data between the two sites should be working already. I thought these routers were just connected to the Internet.

You just need to add dial peers on each site pointing to the other site, and make the data IP the source for the voice traffic. That is because I am assuming that both voice VLANs on each UC500 are still configured with the default subnet, 10.1.1.X.

Sample config for one site (for the other site, just reverse the IP's):


interface BVI1 <<<<< This is your Data VLAN Interface. It could also be VLAN1, depending on how you did it.

ip address A.B.C.D

h323-gateway voip bind srcaddr A.B.C.D


dial-peer voice 5500 voip

destination-pattern 8...  <<<<<< This assumes that you want to dial 8 and then the 3 digit extension of the remote site

session target ipv4:W.X.Y.Z


IMPORTANT:  You ned a translation rule to strip the "8" after the dial peer has been matched, or you can apply it at the receiving end.

Thanks Marcos any docs on this?

I am interested at what gets lost in the type of config (dial by name, directory look-up, all that good stuff or is it the same as Multisite?)

As well, when you say strip the number do you mean on inbound calling from the other UC I would strip it locally? Is there best practices for this and maybe the numbering,etc ?



Marcos Hernandez Mon, 02/22/2010 - 18:56
User Badges:
  • Blue, 1500 points or more


Can you explain the topology a little bit more? From your description, I do not understand exactly what yu want to do.



Steven Smith Tue, 02/23/2010 - 07:46
User Badges:
  • Gold, 750 points or more

The multisite manager for CCA by default setups the IPSEC tunnels.  It also works to change IP Addresses on the different systems to make this work correctly.  You have to use CLI because CCA doesn't support multisite in any other way. 

Changing the IP Address in CUE isn't required for this.  If you choose to do so, you will need to change the IP address of the loopback, service engine, change the route for CUE, and some ACL's.  In CUE, you will need to change the IP Address of the applications that point to SIP gateways, and possibly the NTP server, depending on how it is setup.  I think that would be everything you need to change, but I may have forgotten something.

OK, Now a different approach; they do want to use the FW capabilites of the UC's but it will not be the link between the two sites. They are other devices inside that send data over this link.

So back to my question, can I have two boxes (UC) at different sites that are over a traditional layer 3 network? Like two CME ISR's at two sites, or a CM server at a central office with CME server at a branch?

If yes I really need to speak to someone regarding design considerations as they have a lot of mobility between the two sites, could we use IP Communicator and have it register when someone goes to the other site, yet have one VM Box?

Also can I "dial" the other box and then jump off an outbound call from there, thus saving LD by dialing local at the other location, if so do I just need to strip and intersite dial number then process the 10 digit dialing locally as normal?

I have so many questions a talk in person would be better...

Bob James

Marcos Hernandez Thu, 02/25/2010 - 18:36
User Badges:
  • Blue, 1500 points or more

This requires a lot of CLI, design and planning. My knee jerk reaction is "go with ISR". We have never tested UC500 per se in this type of deployment.

Say it's not so.....

So what I am hearing is unless I use the WAN ports to do a VPN tunnel between two UC500's I cannot do (without a lot of " fudging") a UC500 to UC500 Multisite configuration?

Let me guess; they need to see each other via CDP?

OK this could cost me a great sale! I am well versed in CLI is there any design Engineers I could talk this through with?


Bob James

Another thought; what about a bigger UC system at one site and an 881 running SRST at the other (in event of WAN failure), will this work?

alissitz Thu, 02/25/2010 - 19:47
User Badges:
  • Silver, 250 points or more

Hello gents,

A very interesting thread.  Nice.

Bob - it sounds a little like you are asking for central call processing and not a distributed model.  Or you are asking for a distributed call processing product (UC500) to behave in a centralized manner ;-)

Centralized call processing sounds like it is better for what you want, mobility between sites with a single VM, etc ...SRST with CME at the remote office ...

You can do TEHO with any of the products ... a dial peer is just a dial peer.  Configure it, and it will route the calls accordingly.

Have you considered our Business Edition for centralized call processing?

We did a comparison of the voice platforms on last week's techie call.  Here is the link:

In the middle of this page is a link called "To View Past Event Recordings Click Here".

When you click this, look below for the Feb 18th recording.  It might be well worth the time to listen to this, as some of what you are writing about was addressed.


Andrew Lissitz

Thanks for the post what's TEHO?

I will review the links tomorrow.

We are talking about a small install and centralized would be fine IF the reliability of the WAN link was good, that's why I asked about SRST in the field.

Here's the scoop 25 users in one city office 15 users in the other (city) 100M WAN link between then. To me this looks ( and spends) like a UC to UC deployment; tehy also want local calling on each city and the ability to route calls over the WAN to save on LD.

Mistakenly I thought I could do with with a coupe of UC systems, but I guess it sounded too easy to me. Now that I have shown them the functionality of the UC systems they are very interested, now I have to go back and say probably not possible. If I can convince them to move all processing to the central office it might be a win, but if we loose the WAN we're toast.

Deploying the UC's in various configurations such as mentioned "appears" to be straight forward, I'm not sure why it's not....



Steven Smith Thu, 02/25/2010 - 20:18
User Badges:
  • Gold, 750 points or more


Tail End Hop Off.

Calls from site A use the PSTN trunks at site B.

Steven Smith Thu, 02/25/2010 - 20:36
User Badges:
  • Gold, 750 points or more

UC500's with an ISR is not supported, but it should work.  It is not manageable in CCA.  You can create multisite configurations on the UC500, but it will not configure the ISR's.

For support, ISR to ISR would be the way to go.


I'm confused now Marcos said it is possible just difficult, yet the recommendations are go Business or ISR.....

Am I trying to exceed the capabilities of the UC500 system or just CCA?

If it is an IPSEC tunnel between the two UC's does it do both Voice and Data, if yes what is the reserved bandwidth on the link for QoS VoIP?

To take this further, if I am able to get Site to Site tunnel between the two sites via the WAN port, how is internet access handled? As well as VPN client to Internet; for client is it hairpinned back out the interface? And for site to site does it hairpin as well at the central site?

I've attached a diagram

alissitz Mon, 03/01/2010 - 12:53
User Badges:
  • Silver, 250 points or more

Good afternoon Bob,

Thanks for the diagram.  Is this a private WAN?  If so, do you still want to have a VPN between?

Yes, you can simply perform static routing for Internet access.  According to the diagram, the UC500 would simply route to the Internet router.  Return traffic would be routed back to the UC500 and then to the clients.

I think we are all saying the same thing here, is that what you want to do with the UC500 series is possible, but not suggested or possible with the CCA management tool. There have been quite a few things mentioned in this posting ... centralized or de-centralized call processing, vpns with and without the WAN interface etc ...

Furthermore, since CLI is required for some of the customization mentioned here, and it is not supported by our Small Biz Support Center (SBSC) on the UC540 and UC560, it would be best to use a UC520 for this install. With the UC520, you can get pretty involved with the CLI and still fall within a supported install

I would hate to see you deploy something that is not supported ... Does all of this make sense? 

Do please respond to let me, kindest regards,


Yes Thank You Andrew, this is what I thought.

I am working with the client now to determine if we can do a site to site over this private link. Yes it is private and VPN would not be my first choice, but as you mentioned we want a good known supported configuration. This is only part of the proposal so the Small Business Pro support is important.

I do wish to keep this a supported configuration so I am going through the pros and cons of using "your" design best practice for this deployment with the customer.

Thanks to all respondents

Bob James

alissitz Thu, 02/25/2010 - 20:27
User Badges:
  • Silver, 250 points or more

TEHO = Tail End Hop Off.

This is the ability to avoid toll charges and have your calls traverse the WAN and 'tail end hop off' to the local carrier.  What you are looking for ...

Do please check that recording ... I think you will like it.

Afterwards, use the info from that recording and think of the calling patterns for your customer and what is required.  For most companies, the majority of their calling is in a distributed manner.

If a distributed calling model works, and if redundancy is required, then I would suggest the CME platform.  Not to state the obvious or anything but ... redundancy has its costs.  A trade off if you will, ... more expensive but redundant.

If redundancy does not fit into their budget or they are not interested, then your install could be achived via a UC500.

The Business Edition (BE) is also great for smaller deployments and offers redundancy.  BE offers centralized call processing ... so again, when you examine the customer's calling, this will help you choose the right model and product.


Andrew Lissitz


This Discussion