cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
612
Views
0
Helpful
1
Replies

ASA, IPSec VPN with NAT

Andrej Grcman
Level 1
Level 1

Dear All,

I'd kindly ask you for your expert help and advice with a challenge we're facing these days:

We have two sites, on both sides there is ASA firewall with 9.1.3 image and there is IPSec VPN between them. Users can access resources from Site A to Site B and vice versa without a problem.

VoIP provider has brought a link for SIP trunk to Site B and gave us small subnet so we could connect to their SIP proxy. Only connections from that subnet (= IP 10.10.10.242) to their proxy are allowed. I've added new interface on Site B ASA, defined the subnet and added default route.

Our VoIP server is located on Site A and we'd like to keep it that way.

In order to route the traffic from VoIP server on Site A to SIP proxy that's connected to Site B, I've added SIP proxy's IP to crypto access list. With that, traffic from our VoIP server reaches SIP proxy, but the source ip address of this traffic at VoIP provider's end shows up as 192.168.0.10 and not 10.10.10.242.

Obviously I'd need some kind of NAT, but for life of me I can't make it work. I've also exhausted trial and error options :)

Can you help? Also attaching a simple datagram.

Big thanks in advance,

Andrej

 

1 Reply 1

adheer c
Level 1
Level 1

Hi Andrej

 

Looks like you have to NAT the Traffic from VoIP server to SIP Proxy at Site B.

NAT  Source(192.168.0.10>10.10.10.242) destination(SIP_PROXY>SIP_PROXY)

i assume that you must have already tried this option, plz post your config if it didn't help , we'll have a look

 

Regards

Adheer

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: