EZ_VPN and using port 150000 (TCP) Question

David Trad
VIP Alumni

Hi All,

I must be getting a little hazy with so much going on at the moment, but I am unable to see where in CCA I can set up the EZ_VPN to use port 15000 and TCP?

Basically I cannot do it as standard, as they have their own VPN operational on the 800 series and not much support to have it any other way, but I have managed to get the networking solutions company to allow me to use 15000 and port forward it to the UC540. I need confirmation as to how I can get the UC540 to accept this incoming connection?

Cheers,

David.

Cheers, David Trad. **When you rate a person's post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you won't be looked down upon :) *
1 Accepted Solution

Accepted Solutions

Brandon Turpin
Cisco Employee

Hi David,

There's not a way in CCA to configure EZVPN to use TCP. Is the UC540 sitting behind the 800 router, which requires the port-forwarding? Do you have an extra public IP address (or can you get one) to set up 1-to-1 NAT on the 800 router for this? That would be a cleaner solution than configuring EZVPN over TCP via CLI.

Thanks,

Brandon

Hi Brandon,

I'll try and answer your questions...

Is the UC540 sitting behind the 800 router, which requires the port-forwarding?

Yes, it is sitting behind a Cisco 857 router, which is currently doing all the port forwards on all incoming traffic.

Do you have an extra public IP address (or can you get one) to set up 1-to-1 NAT on the 800 router for this?

No, the client will not pay for this, as it is a significant cost here in Australia to purchase an extra IP address on a monthly basis from the carrier, and especially just to do VPN only. There would need to be a greater justification for this and right now there is not.

That would be a cleaner solution than configuring EZVPN over TCP via CLI.

Yes and no. In the past this was simple to do and achieve on CLI; the issue now is the restrictions of staying within CCA operational modes, and it is clearly frustrating, but something I am willing to deal with.

I am trying to convince their I.T house who manage that side of the network to create the EZ_VPN on the 857 instead and just make all the subnets routable, but they are not happy to do so given the issues they have had in the past with setting this up, and since we do not manage this router I am unable to make configuration changes to it which would only take me 15 or so minutes to do.... A rock between a hard place I think the saying goes????

Love Cisco systems, hate it when you have to integrate it into an existing network and you have territorial issues that you know just won't get resolved.

I get laughed at daily here by the LG-Ericsson stooges, always constantly telling me, program the LG phone system, give it an IP address and never hear back from the customer again until they need something... MEH! I think we both know this is just not possible with Cisco's.

Cheers,

David.
