Can you PAT TFTP with ASA Phone Proxy?

Unanswered Question
Sep 29th, 2009

I have an install where I will only be provided two external addresses for an ASA that will be using the UC Phone Proxy feature. I would like to have a third IP to use NAT for tftp but that option is not available.

Am I able to use PAT against the external (outside) interface address for tftp for the UC Phone Proxy feature?

e.g.

object-group service tftp udp

port-object eq tftp

object-group network cucm70-tftp-external

network-object host 1.2.3.4

object-group network external-mediaterm

network-onject host 1.2.3.254

object-group network cucm70-internal

network-object host 10.9.8.7

object-group network internal-mediaterm

network-onject host 10.9.8.254

access-list outside_access_in extended permit udp any object-group cucm70-tftp-external object-group tftp

access-group outside_access_in in interface outside

static (inside,outside) udp interface tftp 10.9.8.7 tftp netmask 255.255.255.255

nat (inside) 1 10.0.0.0 255.0.0.0

global (outside) 1 interface

!

ctl-file ctl_ucproxy_file

record-entry cucm-tftp trustpoint ucproxy_trustpoint address 1.2.3.4

no shutdown

!

media-termination mediaterm

address 10.9.8.254 interface inside

address 1.2.3.254 interface outside

!

phone-proxy sample-phone-proxy

media-termination mediaterm

tftp-server address 10.9.8.7 interface inside

tls-proxy sample-tls-proxy

cipc security-mode authenticated

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion