ASA 5510 - Multiple Outside Addresses with SIP and CCME

Answered Question
May 15th, 2008

Greetings i have the following config below, some of the addresses are fictitious but resemble to same addresses.

I have assigned a single outside address to E0/0 and create multiple sub interfaces for various internal vlans which are hanging of E0/1

I also have a CCME router that i would like to have a public address for SIP connectivity.

Initially i had wanted to use E0/2 and assign a second outside address on the same network then assign another outside address within the same network to F0/0 on the CCME router which would in turn connect to E0/2 on the ASA so i that i wouldn't have to NAT any traffic but still have the ASA in-between.

Now unfortunately ive just realised that i cant have overlapping networks on the ASA.

interface Ethernet0/0

speed 100

duplex full

nameif outside

security-level 0

ip address 89.221.2.12 255.255.255.240

!

interface Ethernet0/1

nameif inside

security-level 100

no ip address

!

interface Ethernet0/1.101

vlan 101

nameif telcoaccess

security-level 100

ip address 172.29.255.1 255.255.255.0

!

interface Ethernet0/1.102

vlan 102

nameif telcovoice

security-level 100

ip address 172.28.255.1 255.255.255.0

!

interface Ethernet0/1.103

vlan 103

nameif demoaccess

security-level 100

ip address 172.27.255.1 255.255.255.0

!

interface Ethernet0/1.104

vlan 104

nameif demovoice

security-level 100

ip address 172.26.255.1 255.255.255.0

!

interface Ethernet0/1.105

vlan 105

nameif rmtoffice

security-level 100

ip address 172.25.255.1 255.255.255.0

!

interface Ethernet0/1.998

vlan 998

nameif guestlan

security-level 50

ip address 172.30.255.1 255.255.255.0

Is there a way to still provide the the CCME router with a public address whilst keeping the asa in between the two?

Regards

Attachment: 
I have this problem too.
0 votes
Correct Answer by bhatok about 8 years 6 months ago

Hello,

You can configure a static NAT translation through the ASA to give the CCME router a public address. To do so, address the F0/0 interface of the CCME router with an inside address such as 172.28.255.2 (assuming this is on VLAN 102). Then on the ASA, configure a static NAT translation with the following command:

nat (telcovoice, outside) 89.221.2.14 172.28.255.2 netmask 255.255.255.255

Also you must do a "clear xlate" command to reset your translations and put the new NAT statement into production.

What this does is make the ASA listen to requests on 89.221.2.14 and forward them back to the inside address of 172.28.255.2. To allow traffic through the ASA to the CCME router you will also have to permit whatever traffic you need with an access-list on the outside interface.

Hope this helps.

Brandon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
bhatok Thu, 05/15/2008 - 12:03

Hello,

You can configure a static NAT translation through the ASA to give the CCME router a public address. To do so, address the F0/0 interface of the CCME router with an inside address such as 172.28.255.2 (assuming this is on VLAN 102). Then on the ASA, configure a static NAT translation with the following command:

nat (telcovoice, outside) 89.221.2.14 172.28.255.2 netmask 255.255.255.255

Also you must do a "clear xlate" command to reset your translations and put the new NAT statement into production.

What this does is make the ASA listen to requests on 89.221.2.14 and forward them back to the inside address of 172.28.255.2. To allow traffic through the ASA to the CCME router you will also have to permit whatever traffic you need with an access-list on the outside interface.

Hope this helps.

Brandon

Actions

This Discussion