VPN PATing question

Unanswered Question
Jul 20th, 2009
User Badges:

Hi Guys,

Currently I've setup my ASA5505 with a point-point vpn for ip-phone and phone proxy in the same device. So all working well..

Now to mitigate a tftp issue w/ phone proxy, I've performed PAT on all outside traffic going inbound through the ASA. But whenever i do that, the other side cannot ping the inside ip of the other side. So I just PAT only the specific ip address of the phone using the phone proxy.

Now how can I PAT all outside traffic going inbound through the ASA but allow the ping reply from the other side?

hope that's clear enough!

my PAT:

PhoneProxyASA(config)# nat (outside) 55 0 0 outside

PhoneProxyASA(config)# global (inside) 55 interface

hope some one can help me...



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Mon, 07/27/2009 - 09:04
User Badges:
  • Silver, 250 points or more

If you want inside hosts to share a single public address for translation, use PAT. If the global statement specifies one address, that address is port translated. The PIX allows one port translation per interface and that translation supports up to 65,535 active xlate objects to the single global address.

Click this link in order to allow inside hosts access to outside networks with the use of PAT.


redrobish Tue, 07/28/2009 - 20:53
User Badges:

No worry,

i just pat the subnet that is used by my phone proxy not all.

That fixed my issue...

Thanks for the post anyway.


This Discussion