This is a somewhat broad question, but I am going to post it anyway and see if anyone can comment, as I feel it may relate to an incorrect NAT statement. I have a telephone system sitting behind the ASA, which I've NAT'd inbound and outbound to an internet address.
This is the way I normally do the NAT to make the traffic match the same IP both inbound and outbound. I am now unsure if this is the correct way to go about things. Here is the problem I am running into.
A (remote) telephone boots up, grabs an IP, and registers with the phone system. All is well, except for when a call is made and there is no audio. All of the necessary ports are open (on both ends, here it is a 2800 ISR with the firewall enabled) and for testing purposes an ip any any statement was added. So here is the problem..
The phone registers, and in a capture you can see the local address of the phone communicating with the internet routable address of the phone system. All is well.. However, once the RTP stream initiates, the local telephone is now communicating with the inside address of the phone system and I feel that is the bottleneck.
Does anyone see anything wrong with the NAT config? I am assuming the media stream should be between each end point and not the system, but I'm not quite sure if the protocol is proprietary (more than likely is) and may work differently.
When you say use one variant, is that best practice or a fact because ....?
The reason I ask, I've noticed that if you have a global NAT setup for an entire network but also have a webserver, a static NAT would only provide 1 way translation.
Let's say all hosts on the 10.0.0.0/24 subnet use the outside interface for internet access. The outside interface is set to 126.96.36.199. A webserver, 10.0.0.254, is bound to 188.8.131.52 through a static NAT.
I can communicate with the server just fine, however, if I am on the webserver and make a request to go out to the internet it will be from the 184.108.40.206 address.
Just an FYI, one of the telephone guys called and said he had the IP in the wrong field, so the remote phone is now communicating. But I am still interested in the topic of the 1 way NATing.