VPN PATing question

Jul 20th, 2009

Hi Guys,


Currently I've set up my ASA5505 with a point-to-point VPN for IP phone and phone proxy in the same device. So all is working well.


Now to mitigate a TFTP issue with phone proxy, I've performed PAT on all outside traffic going inbound through the ASA. But whenever I do that, the other side cannot ping the inside IP of the other side. So I just PAT only the specific IP address of the phone using the phone proxy.


Now how can I PAT all outside traffic going inbound through the ASA but allow the ping reply from the other side?


Hope that's clear enough!


My PAT:

PhoneProxyASA(config)# nat (outside) 55 0 0 outside

PhoneProxyASA(config)# global (inside) 55 interface


Hope someone can help me...


Thanks

Robert



mchin345 Mon, 07/27/2009 - 09:04

If you want inside hosts to share a single public address for translation, use PAT. If the global statement specifies one address, that address is port translated. The PIX allows one port translation per interface and that translation supports up to 65,535 active xlate objects to the single global address.


Click this link in order to allow inside hosts access to outside networks with the use of PAT.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t2


redrobish Tue, 07/28/2009 - 20:53

No worry,


I just PAT the subnet that is used by my phone proxy, not all.

That fixed my issue...


Thanks for the post anyway.

