Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can you PAT TFTP with ASA Phone Proxy?

I have an install where I will only be provided two external addresses for an ASA that will be using the UC Phone Proxy feature. I would like to have a third IP to use NAT for tftp but that option is not available.

Am I able to use PAT against the external (outside) interface address for tftp for the UC Phone Proxy feature?


object-group service tftp udp

port-object eq tftp

object-group network cucm70-tftp-external

network-object host

object-group network external-mediaterm

network-onject host

object-group network cucm70-internal

network-object host

object-group network internal-mediaterm

network-onject host

access-list outside_access_in extended permit udp any object-group cucm70-tftp-external object-group tftp

access-group outside_access_in in interface outside

static (inside,outside) udp interface tftp tftp netmask

nat (inside) 1

global (outside) 1 interface


ctl-file ctl_ucproxy_file

record-entry cucm-tftp trustpoint ucproxy_trustpoint address

no shutdown


media-termination mediaterm

address interface inside

address interface outside


phone-proxy sample-phone-proxy

media-termination mediaterm

tftp-server address interface inside

tls-proxy sample-tls-proxy

cipc security-mode authenticated