Starting a new UC520 multi site implementation and have a few questions in regards to what is and what is not supported now in CCA. We have done most of this before without using CCA but would prefer to use CCA if possible.
Site 1 - 48 user with PRI and 100 DIDs and 2 POTs for failover
Site 2 - 24 user with SIP Trunk and 25 DIDs and 2 POTs for failover
Not using the integrated firewalls at either locations. Using an existing firewall solution at both sites. Need to configure site to site extension dialing.
Of the above items can I do all of this now with CCA. It sounds like I can, but it also appears that the multi-site function in CCA is only if I am using the integrated firewall.
If the existing firewalls were SR520's, this would work. Other than that, I believe you are correct. You would need the UC to have its existing firewall.
Ignore the IPSEC portions. You can also change the dial-peers and translation patterns to be more to your liking if you so choose.
When you ignore the IPSEC portions, it would be good for you to have IPSEC between your firewalls so that the devices can communicate.
The multisite manager in CCA 2.1 will work only if:
Future versions of the multisite manager will support UC520 units placed behind a SR520-ADSL, SR520-FE, or SA500.
If you cannot use the multisite manager, but all of your sites have IOS-based VPN routers, you can set up VPNs using tunnel interfaces. Tunnel interfaces is the easiest way to do VPNs when you cannot use the CCA multisite manager.
Advantages of tunnel interfaces:
Disadvantages of tunnel interfaces:
Here is how to set up a IPsec static tunnel interface:
IPsec static tunnel interfaces are the easiest to set up. I have also tested the configuration at many of our customer sites, and I know that this configuration behaves correctly. All of the software releases on UC500 units support this feature, and as far as I know, the IPsec tunnel interface behaves correctly on all of the IOS versions supported on the UC500 platform.
CCA does not currently support tunnel interfaces for site-to-site VPNs. However, CCA 1.9 and later will support dynamic tunnel interfaces for Easy VPN.
Just reviving this thread, can we do the multisite behine SA540's? If so do we need the WAN interface and IPSEC, or can the tunnels terminate behind the SA540's?
Thanks in advance,
Thats the way I get Remote teleworkers to connect to the UC500 direct (passthru the SA500), but I never tied it on multisite since the MSM doesnt recognize the SA500.