UC500.com

I am not going to say I am a Cisco expert but waiting for that CCA is pain full, I have set a half dozen of these systems up now and I find that the best way to install and maintain these boxes is though the web interface and CLI. We almost always convince the customer to go with an ASA 5505 and the UC520. The default config on the UC, well in a perfect world where it’s always a new environment and they don't have a network then sure use the networks provided, however on most of my deployments especially on ones with approximately 20 users or more they already have a who whack of devices running on the network that I really don't want to have to hit up 3-4 servers plus 4-5 printers and whatever other little device that have kicking around and reconfigure them. I have just found it easier to hit up the cli rip out all the firewall and nat rules use the wan port to connect to the ASA and setup the data vlan to be the same network as the current one. It’s really not that much effort. Simply making sure that the CUE is accessible to be configured via a web browser then all the phones/users and auto attendant is a breeze to setup that can all be done in an hour if the customer knows what they want. Also by using the CLI get so many more options, we have two boxes and have our two offices linked together, we have extension mobility working so that users can hot desk. The latest one that I got working is Exchange 2007, Unity express is nice however Exchange UM... well that blows CUE out of the water. Cisco CME and unity are great products however GUI is still not your strongest suit for ISRs and UC. On that same note you have nailed it on the ASAs!

Not that my option means anything but there it is.

I ended up just diving into the CLI and hacking it up ;)

Can't say I'm particularly impressed with the CCA. Trying to remove the firewall from the CCA didn't really work as the NAT config still remained (if I remember correctly) as well as other odities.

My steps were pretty much like yours. Except I left the data interface on the UC500 and gave it an IP on my primary data network. I then routed 10.1.1.1 and 10.1.10.1 to the UC500 IP on my data network to get past the asymmetric routing issue, since the 3825 was the UC500's default route. The UC500 is basically only the router for the voice network now.

I had to publish 10.1.1.1 and 10.1.10.1 to the VPN client to allow remote CIPC use.

Once I got the VLANs setup correctly on the 2960 everything (data and voice) seems to be working perfectly.

-------
The Montopolis Group, Ltd.
http://blog.montopolis.com

I have just done this. I currently allready had a Cisco ASA5510 as my firewall and then 1 CE500-12port Gig, 2 CE500-24port POE, and 1 CE500 24port 4POE switches. There are some benifits to not using the UC500 as a firewall.
1. The UC500 cannot support as many Site to Site and Client to Site VPN connections.
2. If you use the UC500 as a firewall it knows what phones are remote teleworker phones.

Things I ran into,
I installed the UC500 onto our network and disable all WAN and Firewall features. I than gave the UC500 an IP address on Vlan1 our Datanetwork, and an IP address on Vlan100 the cisco voice network. I only used it for voice features. I had a ton of problems. Not externally but internally. So I then configured the ASA5510 to have to sub interfaces one for Data and one for Voice. The ASA5510 was the default gateway for all devices on my network, including the UC500. So in the UC500 I created static routes pointing to the ASA for both the datanetwork and voicenetwork. What I ran into was Assymetric routing, where my notebook was on the datanetwork but I tried to SSH to the IP address of the UC500 on the Voice Network. The UC500 is a router so it new that the request was coming from the inside so it tried to bypass the ASA and go direct to my notebook to create the connection. This also caused problems for me when setting up voice mail to email notification as the UC500 could ping my exchange server but could not send anything to it. The solution to this was to shut down the Vlan1 interface "Datanetwork" and only give the UC500 a IP address on the Voice side "Vlan100" this way you can create an all Zero's route to the ASA5510 on the Cisco Voice Vlan only. All problems are gone. I did have to make a bunch of changes to the ASA to make the routing between the Voice network and Data Network work but not hard. I also had to put a static route in the ASA pointing 10.1.10.1 (the integrated service module "CUE") to 10.1.1.1 (IP of UC500 on Voice Vlan 100).

hope this helps out. I will check this post in a couple days to see if yo have further questions.

In your situation go ahead and use the CCA and just don't configure the firewall portion. setup your network settings and you should be fine.

hope that helps,

Ted