Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

UC560 behind ASA + LAN connectivity

I honestly feel like my brain is going to explode and I am missing something very easy.

Here's my setup...

SIP provider coming through the Internet

Internet --- ASA --- Switch --- PCs, Phones, UC560

From my little diagram, I have my UC560 patched into a switch that my PC's and potentially my phones will connect to. They are not Cisco switches unfortunately and I cannot VLAN.

Can I make such a setup work with the UC560 behind the ASA?

What I have so far is: the WAN port is unplugged, VLAN1 is on my data network, vlan90 and vlan100 are both the default settings, and in my static routes my default gateway in the UC560 is the ASA. Phones will work fine directly connected to the UC560 but when plugged into the same switch they can't  find the phone system. I am trying to determine if this is possible and if so what am I missing. The phones do not have to be the same IP network as the computers but I would like them to communicate. Obviously when they plug into the switch they do not get DHCP from the UC560.

Cisco Employee

UC560 behind ASA + LAN connectivity

Hello Christie,

I would go for vlan capable switch to minimize the problems.

Best regards,


Community Member

UC560 behind ASA + LAN connectivity

Is that the only way to make the scenario work? I do have VLAN capable switches, I wasn't going to VLAN them out until I knew for sure. They're not Cisco and I am not crazy about the VLAN setup on them but they will work. Just wanted to see all the options so I know going forward when recommending this unit to customers. Thanks!

Community Member

UC560 behind ASA + LAN connectivity

Yes, you could have problems if not using vlans, however, the scenario should work fine. Did you plug your generic switch into the Expansion port on the UC? If so, make sure you remove the trunk configuration from it as it won't be able to establish the dot1q trunk with the generic switch. Instead, configure the Expansion port as a normal voice port (just copy the CFG from another FA port) and make sure it has the 'switchport voice vlan ###' command in it.

If it is not the Expansion port then post your config but it sounds like you have a simple routing/sw issue.

CreatePlease to create content