CONFIGURE ASA PHONE PROXY IN DMZ NETWORK

Unanswered Question
Sep 20th, 2010

Hello,



I have to configure the ASA phone proxy in my network but I need to put the ASA 5510 in the DMZ network the ip of fttp and MTA would be needed perform nat in the firewwall because de Dmz network have not ips routeables at the internet


my cuestion is how it work,   I need perform NAT in the ASA for real ip of TFTP



THIS CAN WORK???

Captura.PNG



regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Magnus Mortensen Mon, 09/20/2010 - 18:28

Angel,

     I wish I had good new for you, but a NAT router/firewall in front of a Phone Proxy enabled ASA is not supported.  Phone Proxy requires publicly routable addresses for both signaling and media termination. THe implementation you are trying to setup will not work.


- Magnus

Kureli Sankar Mon, 09/20/2010 - 20:12
1. The PP ASA HAS to have a public routable address as an MTA address.

2. The PP ASA also HAS to translate the call manager/tftp server IP address.

3. NAT router or firewall on the outside can just do identity translation for the

above two addresses and send the traffic that it receives for these two

addresses towards the PP ASA

If the above 3 can be done, then this may work.

-KS

Actions

This Discussion