IP Phones and an ASA

Answered Question
Sep 4th, 2009
User Badges:

I will have an ASA5505 with IP phones on both the inside and outside interfaces. All subnets on either side of the firewall will be using a private IP address scheme and their will be no internet access available via this firewall. The question I have as to do with IP phones on the outside interface trying to communicate with phones on the inside interface of this firewall. Is there a way to allow calls that originate on the outside interface that are looking to communicate with IP phones on the inside interface without having to setup static translations for all IP phones on the inside interface?

Correct Answer by Kureli Sankar about 7 years 8 months ago

Yes. That is correct.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Kureli Sankar Sat, 09/05/2009 - 18:58
User Badges:
  • Cisco Employee,

You can enable no nat-control


sh run all | i nat-control


or provide identity translation where the inside hosts will look like themselves when going to the outside.


example:


static (in,out) 10.10.10.0 10.10.10.0 netmask 255.255.255.0


where the inside network is 10.10.10.0/24





bardellom Sun, 09/06/2009 - 04:42
User Badges:

Kusankar,

Thanks for your response. To clarify, by turning NAT control off this will allow connections to originate on the outside and terminate on the inside providing:

• Appropriate routing is in place on either side of the firewall.

• ACL's are applied on the outside and inside interfaces to allow this traffic.


Actions

This Discussion