IP Phones and an ASA

Answered Question
Sep 4th, 2009
User Badges:

I will have an ASA5505 with IP phones on both the inside and outside interfaces. All subnets on either side of the firewall will be using a private IP address scheme and their will be no internet access available via this firewall. The question I have as to do with IP phones on the outside interface trying to communicate with phones on the inside interface of this firewall. Is there a way to allow calls that originate on the outside interface that are looking to communicate with IP phones on the inside interface without having to setup static translations for all IP phones on the inside interface?

Correct Answer by Kureli Sankar about 7 years 8 months ago

Yes. That is correct.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Kureli Sankar Sat, 09/05/2009 - 18:58
User Badges:
  • Cisco Employee,

You can enable no nat-control

sh run all | i nat-control

or provide identity translation where the inside hosts will look like themselves when going to the outside.


static (in,out) netmask

where the inside network is

bardellom Sun, 09/06/2009 - 04:42
User Badges:


Thanks for your response. To clarify, by turning NAT control off this will allow connections to originate on the outside and terminate on the inside providing:

• Appropriate routing is in place on either side of the firewall.

• ACL's are applied on the outside and inside interfaces to allow this traffic.


This Discussion