Just setting up a Cisco UC500 and notice how “old fashioned” the VoIP settings are. The setup still believes that the provider only has one major IP address and one backup. Of course, to have one basic IP address where all traffic is routed to, and make this redudant (through virtual IP or IP take-over), is just fine and will work OK.
The DNS SRV case
If you as a VoIP Service Provider uses DNS SRV, which is designed to give you load sharing and redundancy through DNS, then the Cisco Configuration Assistant misses the point. This assistant, which is almost necessary to get the UC500 unit up and running, does a DNS lookup on the A record and takes this IP into the Access List configuration…. not good… Next time the UC500 registers, it probably uses another server, and the incoming calls are also coming from this. Then the ACL kicks in and blocks the call…
The work-around
For CCA version 1.9 there is an access-list 2 that contains the IP of the SIP server. Expand this list to cover all IP addresses from your VoIP provider. Be careful, since opening this to everybody will open you for both SPiT and possible fraud.
[ad]