Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can you PAT TFTP with ASA Phone Proxy?

I have an install where I will only be provided two external addresses for an ASA that will be using the UC Phone Proxy feature. I would like to have a third IP to use NAT for tftp but that option is not available.

Am I able to use PAT against the external (outside) interface address for tftp for the UC Phone Proxy feature?

e.g.

object-group service tftp udp

port-object eq tftp

object-group network cucm70-tftp-external

network-object host 1.2.3.4

object-group network external-mediaterm

network-onject host 1.2.3.254

object-group network cucm70-internal

network-object host 10.9.8.7

object-group network internal-mediaterm

network-onject host 10.9.8.254

access-list outside_access_in extended permit udp any object-group cucm70-tftp-external object-group tftp

access-group outside_access_in in interface outside

static (inside,outside) udp interface tftp 10.9.8.7 tftp netmask 255.255.255.255

nat (inside) 1 10.0.0.0 255.0.0.0

global (outside) 1 interface

!

ctl-file ctl_ucproxy_file

record-entry cucm-tftp trustpoint ucproxy_trustpoint address 1.2.3.4

no shutdown

!

media-termination mediaterm

address 10.9.8.254 interface inside

address 1.2.3.254 interface outside

!

phone-proxy sample-phone-proxy

media-termination mediaterm

tftp-server address 10.9.8.7 interface inside

tls-proxy sample-tls-proxy

cipc security-mode authenticated

Thanks

289
Views
0
Helpful
0
Replies