05-15-2008 06:29 AM - last edited on 03-25-2019 05:39 PM by ciscomoderator
Greetings i have the following config below, some of the addresses are fictitious but resemble to same addresses.
I have assigned a single outside address to E0/0 and create multiple sub interfaces for various internal vlans which are hanging of E0/1
I also have a CCME router that i would like to have a public address for SIP connectivity.
Initially i had wanted to use E0/2 and assign a second outside address on the same network then assign another outside address within the same network to F0/0 on the CCME router which would in turn connect to E0/2 on the ASA so i that i wouldn't have to NAT any traffic but still have the ASA in-between.
Now unfortunately ive just realised that i cant have overlapping networks on the ASA.
interface Ethernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 89.221.2.12 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
no ip address
!
interface Ethernet0/1.101
vlan 101
nameif telcoaccess
security-level 100
ip address 172.29.255.1 255.255.255.0
!
interface Ethernet0/1.102
vlan 102
nameif telcovoice
security-level 100
ip address 172.28.255.1 255.255.255.0
!
interface Ethernet0/1.103
vlan 103
nameif demoaccess
security-level 100
ip address 172.27.255.1 255.255.255.0
!
interface Ethernet0/1.104
vlan 104
nameif demovoice
security-level 100
ip address 172.26.255.1 255.255.255.0
!
interface Ethernet0/1.105
vlan 105
nameif rmtoffice
security-level 100
ip address 172.25.255.1 255.255.255.0
!
interface Ethernet0/1.998
vlan 998
nameif guestlan
security-level 50
ip address 172.30.255.1 255.255.255.0
Is there a way to still provide the the CCME router with a public address whilst keeping the asa in between the two?
Regards
Solved! Go to Solution.
05-15-2008 12:03 PM
Hello,
You can configure a static NAT translation through the ASA to give the CCME router a public address. To do so, address the F0/0 interface of the CCME router with an inside address such as 172.28.255.2 (assuming this is on VLAN 102). Then on the ASA, configure a static NAT translation with the following command:
nat (telcovoice, outside) 89.221.2.14 172.28.255.2 netmask 255.255.255.255
Also you must do a "clear xlate" command to reset your translations and put the new NAT statement into production.
What this does is make the ASA listen to requests on 89.221.2.14 and forward them back to the inside address of 172.28.255.2. To allow traffic through the ASA to the CCME router you will also have to permit whatever traffic you need with an access-list on the outside interface.
Hope this helps.
Brandon
05-15-2008 12:03 PM
Hello,
You can configure a static NAT translation through the ASA to give the CCME router a public address. To do so, address the F0/0 interface of the CCME router with an inside address such as 172.28.255.2 (assuming this is on VLAN 102). Then on the ASA, configure a static NAT translation with the following command:
nat (telcovoice, outside) 89.221.2.14 172.28.255.2 netmask 255.255.255.255
Also you must do a "clear xlate" command to reset your translations and put the new NAT statement into production.
What this does is make the ASA listen to requests on 89.221.2.14 and forward them back to the inside address of 172.28.255.2. To allow traffic through the ASA to the CCME router you will also have to permit whatever traffic you need with an access-list on the outside interface.
Hope this helps.
Brandon
05-16-2008 04:33 AM
Ah, brilliant, cheers for your help
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: