VPN a UC520 to a 857 router, how to do it?
Hi all,
We have a client wanting to VPN their UC520 in the main office to a remote site that has a Cisco 857W router. I assume it can be done through some form of IPSec VPN but how. The WAN port of the UC will have a public IP if that helps.
I was reading somewhere on the Cisco site that certain IOS's are required for some router's and ASA's.
My only VPN experience with UC520's in using the Cisco VPN client s/w and the inbuilt EZVPN Server in CCA. I assume I'm gonna need some command line here.
Dan
Active forum topics
- CME with CUE receive fax in tiff
- CME with CUE receive fax in tiff
- No MoH on the spa525g
- Delete Voice Mail on UC after Email
- Displayed incoming caller ID via SIP Trunk
- Easiest way to get started for IT firm
- Out of Hours configuration
- Restrict Call fwd all on phones
- Cisco ip phone 7921
- Problem with Multicast UDP traffic.
Recent comments
- well, I erase the route
1 day 9 hours ago - thats true man, well i will
1 day 10 hours ago - Outlook Rules
1 day 19 hours ago - Just a quick thank you for
2 days 3 hours ago - Still not fixed in 2.2(5)
6 days 39 min ago - Bellsouth is really odd
6 days 12 hours ago - How do you recover the analog mac address?
6 days 14 hours ago - No longer supported
1 week 18 hours ago - CME supported, really UC520 ?
1 week 1 day ago - I have Similiar issue
1 week 2 days ago
Subscribe to the UC500 Rss Feed
Voice News
- In The UK BT Launches a Wi-Fi Smartphone App
- Observation-iPad's Are Just Starting to Take Off
- Airfare Prices Rising, Video Conferencing Costs Falling
- Apple Just Gave Bandwidth Providers a Present
- Cisco Customer Collaboration Technology
- Cisco Customer Collaboration Technology
- Orange HD Voice Arrives in the UK-But Growth Hurdles and Solutions Abound
- "Cisco@25, Cisco In 25" Video Contest Official Guidelines
- Skype Connect - Making Strides for the Business Market
- Google Voice - the Race to Zero Continues
- Skype For SIP Becomes Skype Connect-Takes Aim At Business and Enterprise Markets
- The Alchemy of Services-Oriented Storage Area Networks
Cisco TAC Issues - CME - UE
- need way to send CUE host name or IP instead of "localhost" to syslog , Open CSCti55268
- CUE: blank voice mails when more than one RTP stream to same port , Open CSCsk77329
- JTAPI deadlock on port state change , Fixed CSCsw94275
- CUE restore fails , Terminated CSCti31531
- CUE should not attempt to boot if disk space usage > 99% , Fixed CSCsa82454
Comments
Check out DMVPN
Using the notes from this site, I went about setting up DMVPN between a our UC520, 1 Cisco 2801, 2 Cisco 1800s, and 1 877.... The UC520 doesn't support the dynamic routing protocol, so you will need static routes from your tunnel to the secondary site....
Setup your 857 as the DMVPN hub, that way if you add in more routers in the future, they can sync up to that one unit, and you just need to add static routes from the UC520 to the various new hosts. You can use Cicso SDM, etc. to do you initial config.
Here are some config examples.
2801 Hub
-------------------------------------------
!
interface Tunnel0
description DMVPN Interface
bandwidth 1000
ip address 10.11.12.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1234
ip nhrp authentication DMVPN_NW
ip nhrp map multicast dynamic
ip nhrp map 10.11.12.2 12.17.19.22
ip nhrp network-id 11001
ip nhrp holdtime 360
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1234
delay 1000
qos pre-classify
tunnel source Serial0/2/0
tunnel mode gre multipoint
tunnel key 11001
tunnel protection ipsec profile SDM_Profile2
!
router eigrp 1234
network 10.11.12.0 0.0.0.255
network 10.100.99.0 0.0.0.255
network 192.168.55.0
network 192.168.220.0
network 192.168.245.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Serial0/2/0
ip route 10.1.1.0 255.255.255.0 10.11.12.2
ip route 10.1.10.1 255.255.255.255 10.11.12.2
ip route 192.168.97.0 255.255.255.0 10.11.12.2
UC520 Spoke
-------------------------------------------
!
interface Tunnel0
bandwidth 1000
ip address 10.11.12.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN_NW
ip nhrp map multicast 12.11.98.91
ip nhrp map 10.11.12.1 12.11.98.91
ip nhrp map 10.11.12.11 65.7.11.99
ip nhrp map 10.11.12.12 65.12.109.240
ip nhrp network-id 11001
ip nhrp holdtime 360
ip nhrp nhs 10.11.12.1
ip nhrp registration no-unique
ip tcp adjust-mss 1360
delay 1000
qos pre-classify
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 11001
tunnel protection ipsec profile SDM_Profile2
ip route 10.100.99.0 255.255.255.0 10.11.12.1
ip route 10.100.24.0 255.255.255.0 10.11.12.12
ip route 10.100.69.0 255.255.255.0 10.11.12.11
ip route 10.100.96.0 255.255.255.0 10.11.12.14
ip route 192.168.55.0 255.255.255.0 10.11.12.1
ip route 192.168.24.0 255.255.255.0 10.11.12.12
ip route 192.168.128.0 255.255.255.0 10.11.12.11
ip route 192.168.96.0 255.255.255.0 10.11.12.14
ip route 192.168.220.0 255.255.255.0 10.11.12.1
ip route 192.168.245.0 255.255.255.0 10.11.12.1
1811 Spoke
--------------------------------------------------------------
interface Tunnel0
bandwidth 1000
ip address 10.11.12.11 255.255.255.0
ip access-group 170 in
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN_NW
ip nhrp map multicast 12.11.98.91
ip nhrp map 10.11.12.1 12.11.98.91
ip nhrp map 10.11.12.2 12.17.19.22
ip nhrp network-id 11001
ip nhrp holdtime 360
ip nhrp nhs 10.11.12.1
ip nhrp registration no-unique
ip tcp adjust-mss 1360
delay 1000
qos pre-classify
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 11001
tunnel protection ipsec profile SDM_Profile3
!
router eigrp 1234
network 10.11.12.0 0.0.0.255
network 10.100.69.0 0.0.0.255
network 192.168.128.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.1.1.0 255.255.255.0 10.11.12.2
ip route 10.1.10.0 255.255.255.0 10.11.12.2
ip route 10.1.10.1 255.255.255.255 10.11.12.2
ip route 192.168.97.0 255.255.255.0 10.11.12.2