cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
416
Views
0
Helpful
4
Replies

IP Phones and an ASA

bardellom
Level 1
Level 1

I will have an ASA5505 with IP phones on both the inside and outside interfaces. All subnets on either side of the firewall will be using a private IP address scheme and their will be no internet access available via this firewall. The question I have as to do with IP phones on the outside interface trying to communicate with phones on the inside interface of this firewall. Is there a way to allow calls that originate on the outside interface that are looking to communicate with IP phones on the inside interface without having to setup static translations for all IP phones on the inside interface?

1 Accepted Solution

Accepted Solutions

Yes. That is correct.

View solution in original post

4 Replies 4

Kureli Sankar
Cisco Employee
Cisco Employee

You can enable no nat-control

sh run all | i nat-control

or provide identity translation where the inside hosts will look like themselves when going to the outside.

example:

static (in,out) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

where the inside network is 10.10.10.0/24

Kusankar,

Thanks for your response. To clarify, by turning NAT control off this will allow connections to originate on the outside and terminate on the inside providing:

• Appropriate routing is in place on either side of the firewall.

• ACL's are applied on the outside and inside interfaces to allow this traffic.

Yes. That is correct.

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: