I'm in the process of deploying several DMVPN remote UC500 sites with a 2921 router head end. I ran this design past the SMB support folks, and they agreed it would be a good solution. The reason for using DMVPN is its capability to build dynamic spoke to spoke tunnels for VoIP calls, but when I started configuring my first UC540 I noticed it did not support any dynamic routing protocols. I believe this is a requirement for building the spoke to spoke tunnels. I’m very disappointed that we cannot even configure EIGRP stub on these boxes. Will Cisco ever support dynamic routing on the UC500 platform? My options at this point are not good, spoke to spoke calls will have to flow through the Hub site, or full mesh VPN will have to be deployed.
The UC500 does not support dynamic routing. However, you can put a UC500 in front of an ISR, set up static routes from the ISR to the UC500, and have the ISR publish routes to the UC500 subnets through dynamic routing protocols. In addition, traffic can be routed from a UC500 to an ISR, and then dynamically routed over the VPN tunnels by the ISR.
To install a UC500 in front of an ISR, you have to do the following:
Disable firewall and NAT on the UC500 (this can be done in CCA)
Plug the WAN port on the UC500 to one of the interfaces on the ISR
Configure the WAN port on the UC500 with a private IP address in a subnet separate from its Data VLAN, Voice VLAN, or CUE subnets. The ISR must also have the Ethernet interface or VLAN that the UC500 is connected to with another private IP address in the same subnet.
Configure NAT and firewall on the ISR. Be sure that NAT is enabled for traffic coming from the UC500 to the Internet.
Set up static routes from the ISR to the UC500
The instructions for integrating the UC500 with an external firewall (such as a ISR, SR520, SA520, ASA, or other device) is described in the following document:
You can actually set up IPsec Static Virtual Tunnel Interfaces to set up site-to-site VPNs between UC500 units. This requires all of the site-to-site VPNs to be terminated on IOS-based devices, but no dynamic routing protocol is needed and static routes can be used to route traffic over IPsec Static Virtual Tunnel Interface. However, you will need to use CLI in order to set up IPsec Static Virtual Tunnel Interfaces as this feature is not currently supported in CCA.
CCA 2.1 and later can set up site-to-site VPNs between UC500 units through the CCA multisite manager, but it configures the VPNs using a crypto map and can currently only connect the Data VLAN subnets of the UC500s.
If I have to tell the customer they need to order additional hardware it will not go over very well. I think we may just have to configure a hub and spoke DMVPN solution for data use (most data is located at the head site) and separate full mesh tunnels for voice traffic. This is not an ideal solution because of all the extra configuration nessacery when adding new locations. Also, I did read somewhere that a UC540 will only handle 5 VPN tunnels, so this solution will not scale well. Does Cisco have any plans to add dynamic routing to the UC500 platform? It's available on the 1861 so the only reason to remove it from the UC500 is to sell more hardware (my opinion).
Configure Multicast Paging on the Cisco IP Phone 7800 Series or 8800 Series Multiplatform Phone
The Cisco IP Phone 7800 and 8800 Series Multiplatform Phones provide voice communication over an Internet Protocol (IP) network...
Add Call Park on a Cisco 7800 or 8800 Series Multiplatform Phone Key Expansion Module
Call park allows the user of the phone to put an incoming call on hold so that the call can be retrieved on another phone. A call is park...