UC560 Setup with NAT and firewall disabled

Unanswered Question

I'm new to the UC560 world and am trying to get my NFR box set up on my network without removing my current firewall. I've gone through the attached guide and removed firewall and NAT configs. Right now I have the WAN port configured for an IP on my LAN and am managing through it. How do I tell the UC to communicate with phones through the WAN port? Or do I need to configure a different port?

Any advice from those out there not using their UC as firewall?


Steven DiStefano Wed, 03/17/2010 - 12:27

I would leave the Voice VLAN as it is on the UC500 and add the following routes to the FW Router which sits in front of the UC560, with its WAN IP a static IP on your FW Router's data VLAN...

If you wanted to leave the UC560 data VLAN intact, you can add a route for it too:

The default route for the UC500 will be the Router FW router.

Is this what you are looking for?


Makes sense on the VLANs, thanks. So I am fine having only the WAN port on my UC plugged up to my network?

Can't seem to get the phones to find the Voice VLAN DHCP server running from the UC560 and I was worried it was being broadcast over a different port. Must be having a VLAN config issue if that's not the case...

If you are behind the firewall don't use the WAN port, it's the easiest way. Just use the expansion port to other switches and trunk. You don't need NAT or a firewall and the Voice and Data VLANs will work fine.

I forgot you will also need to add the route to the 10.x.x.x network (for phone) pointing to the Data IP of the UC if you have another router in play.


Steven DiStefano Thu, 03/18/2010 - 05:33

We posted a doc on placing an SA 500 (security router) in front of the UC 500 and did it with the one WAN connection to the SR 500, but I suppose if I wanted route diversity, I could have implemented dual WAN on the SA 500. But UC 500 has only 1 WAN link (FE 0/0) supported.

Lab # 6 on this link: https://supportforums.cisco.com/docs/DOC-9836

Would you like to share your design to be reviewed? We have a "PDS" support you can try.


(PM me if you use it and I'll assist)

So the phones would be plugged into the UC560 switch, plugged into one of its expansion slots, and they (phones) should get addresses in the Voice VLAN 100 on the UC560. Data clients would get IPs from Data VLAN 1 on the UC560.