Can you PAT TFTP with ASA Phone Proxy?

Unanswered Question
Sep 29th, 2009
User Badges:

I have an install where I will only be provided two external addresses for an ASA that will be using the UC Phone Proxy feature. I would like to have a third IP to use NAT for tftp but that option is not available.

Am I able to use PAT against the external (outside) interface address for tftp for the UC Phone Proxy feature?


object-group service tftp udp

port-object eq tftp

object-group network cucm70-tftp-external

network-object host

object-group network external-mediaterm

network-onject host

object-group network cucm70-internal

network-object host

object-group network internal-mediaterm

network-onject host

access-list outside_access_in extended permit udp any object-group cucm70-tftp-external object-group tftp

access-group outside_access_in in interface outside

static (inside,outside) udp interface tftp tftp netmask

nat (inside) 1

global (outside) 1 interface


ctl-file ctl_ucproxy_file

record-entry cucm-tftp trustpoint ucproxy_trustpoint address

no shutdown


media-termination mediaterm

address interface inside

address interface outside


phone-proxy sample-phone-proxy

media-termination mediaterm

tftp-server address interface inside

tls-proxy sample-tls-proxy

cipc security-mode authenticated


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion