cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
389
Views
0
Helpful
2
Replies

ASA 5510 - Multiple Outside Addresses with SIP and CCME

exonetinf1nity
Level 1
Level 1

Greetings i have the following config below, some of the addresses are fictitious but resemble to same addresses.

I have assigned a single outside address to E0/0 and create multiple sub interfaces for various internal vlans which are hanging of E0/1

I also have a CCME router that i would like to have a public address for SIP connectivity.

Initially i had wanted to use E0/2 and assign a second outside address on the same network then assign another outside address within the same network to F0/0 on the CCME router which would in turn connect to E0/2 on the ASA so i that i wouldn't have to NAT any traffic but still have the ASA in-between.

Now unfortunately ive just realised that i cant have overlapping networks on the ASA.

interface Ethernet0/0

speed 100

duplex full

nameif outside

security-level 0

ip address 89.221.2.12 255.255.255.240

!

interface Ethernet0/1

nameif inside

security-level 100

no ip address

!

interface Ethernet0/1.101

vlan 101

nameif telcoaccess

security-level 100

ip address 172.29.255.1 255.255.255.0

!

interface Ethernet0/1.102

vlan 102

nameif telcovoice

security-level 100

ip address 172.28.255.1 255.255.255.0

!

interface Ethernet0/1.103

vlan 103

nameif demoaccess

security-level 100

ip address 172.27.255.1 255.255.255.0

!

interface Ethernet0/1.104

vlan 104

nameif demovoice

security-level 100

ip address 172.26.255.1 255.255.255.0

!

interface Ethernet0/1.105

vlan 105

nameif rmtoffice

security-level 100

ip address 172.25.255.1 255.255.255.0

!

interface Ethernet0/1.998

vlan 998

nameif guestlan

security-level 50

ip address 172.30.255.1 255.255.255.0

Is there a way to still provide the the CCME router with a public address whilst keeping the asa in between the two?

Regards

1 Accepted Solution

Accepted Solutions

bhatok
Level 1
Level 1

Hello,

You can configure a static NAT translation through the ASA to give the CCME router a public address. To do so, address the F0/0 interface of the CCME router with an inside address such as 172.28.255.2 (assuming this is on VLAN 102). Then on the ASA, configure a static NAT translation with the following command:

nat (telcovoice, outside) 89.221.2.14 172.28.255.2 netmask 255.255.255.255

Also you must do a "clear xlate" command to reset your translations and put the new NAT statement into production.

What this does is make the ASA listen to requests on 89.221.2.14 and forward them back to the inside address of 172.28.255.2. To allow traffic through the ASA to the CCME router you will also have to permit whatever traffic you need with an access-list on the outside interface.

Hope this helps.

Brandon

View solution in original post

2 Replies 2

bhatok
Level 1
Level 1

Hello,

You can configure a static NAT translation through the ASA to give the CCME router a public address. To do so, address the F0/0 interface of the CCME router with an inside address such as 172.28.255.2 (assuming this is on VLAN 102). Then on the ASA, configure a static NAT translation with the following command:

nat (telcovoice, outside) 89.221.2.14 172.28.255.2 netmask 255.255.255.255

Also you must do a "clear xlate" command to reset your translations and put the new NAT statement into production.

What this does is make the ASA listen to requests on 89.221.2.14 and forward them back to the inside address of 172.28.255.2. To allow traffic through the ASA to the CCME router you will also have to permit whatever traffic you need with an access-list on the outside interface.

Hope this helps.

Brandon

Ah, brilliant, cheers for your help

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: