Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Multisite Deployments

Is there any documentation on multisite deployments (2-site in this case) with an SA540 in front of the UC500, and a Non-Cisco security appliance in front of the other UC500.  Does the multisite tab in CCA even work in this scenario, or is it only meant to work when the UC WAN is on the public Interent (as oppose to having a private IP when connected to the security appliance)?

Has anyone done this config successfully?  Any tips?

Thanks.

Everyone's tags (3)
5 REPLIES
Cisco Employee

Multisite Deployments

Hi,

In CCA, the Multisite Manager will configure a site-to-site VPN tunnel.  As long as the devices in front of the UC500s are forwarding udp 500 (ISAKMP) and udp 4500 (for NAT-T), then it should work. 

Let me know if you're seeing issues with it.

Thanks,

Brandon

Community Member

Re: Multisite Deployments

I should have added that I wanted the two security appliances to do the site-to-site, not the UC's.  And of course the intersite dialing to work.  I know it works when the UC's are doing the site-to-site.

Thanks.

Community Member

Re: Multisite Deployments

The CCA multisite configuration would not be used in this scenerio.  There should not be any problems with using this type of configuration.  You just need to make sure the right traffic is forwarded to the other site though the VPN, and that traffic is then forwarded to the local UC500.   I have not seen any documentation, or enablement labs with that type of setup.

Thank you,

Darren

Cisco Employee

Re: Multisite Deployments

Hi,

As Darren mentioned, CCA Multisite Manager currently doesn't do the intersite dialing part without the VPN.  This is on the roadmap for an upcoming CCA release.

Thanks,

Brandon

Community Member

Multisite Deployments

But it is not to say that CCA cannot be used to setup the Dial-Peers for this, for instance, just go about it like as if the UC was the concentrator, let it create the entire configuration and then turn it off (But make a copy via CLI of the Dial-Peers it created) and then have the edge routers setup the VPN tunnel and...BINGO!!! Bobs your uncle

At least then you are staying within support scope call it a back door work around without getting in trouble

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
1021
Views
0
Helpful
5
Replies
CreatePlease to create content