Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ASA 5505 Network Configuration & Telephony problem

Hi everyone,

We would like to use a cisco asa 5505 to replace our pfsense.
Please find in attachement the architecture we want :

Mauricev6.jpg

Could you tell me if the configuration below is OK?

Because with this configuration we have the following problems:  we are using Astra phones and Avaya phones and it seems that there is communication problems when we tried to call an avaya with an astra. (Users who are using Avaya cannot hear Astra users)

With pfsenses we don't have this problem.

Maybe my NAT is not correctly configured?

Thank you for your responses.

ASA Version 8.2(5)

!

hostname rasamaurice

names

!

interface Ethernet0/0

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

switchport access vlan 3

!

interface Ethernet0/3

switchport access vlan 4

!

interface Ethernet0/4

switchport access vlan 5

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

nameif inside

security-level 0

ip address 192.168.22.254 255.255.255.0

!

interface Vlan2

nameif wan

security-level 0

ip address 192.168.100.254 255.255.255.0

!

interface Vlan3

nameif lan

security-level 100

ip address 192.168.1.10 255.255.255.0

!

interface Vlan4

nameif lan_mail

security-level 0

ip address 192.168.66.254 255.255.255.0

!

interface Vlan5

nameif wan2

security-level 0

ip address 192.168.200.1 255.255.255.0

!

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object-group icmp-type DefaultICMP

description DefaultICMP Types permitted

icmp-object echo-reply

icmp-object unreachable

icmp-object time-exceeded

object-group protocol DM_INLINE_PROTOCOL_1

protocol-object udp

protocol-object tcp

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

access-list lan_access_in extended permit ip any any

access-list inside_access_in extended permit ip any any

access-list wan2_access_in extended permit ip any any

access-list lan_mail_access_in extended permit ip any any

access-list wan_access_in extended permit ip any any

access-list from_outside extended permit icmp any any echo

access-list name extended permit icmp any interface inside

pager lines 24

mtu inside 1500

mtu wan 1500

mtu lan 1500

mtu lan_mail 1500

mtu wan2 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (network) 11 interface

global (wan) 11 interface

global (inside) 1 interface

global (lan_mail) 11 interface

global (wan2) 11 interface

nat (network) 11 192.168.22.0 255.255.255.0

nat (network) 11 0.0.0.0 0.0.0.0

access-group inside_access_in in interface inside

access-group wan_access_in in interface wan

access-group lan_access_in in interface lan

access-group lan_mail_access_in in interface lan_mail

access-group wan2_access_in in interface wan2

route wan 0.0.0.0 0.0.0.0 192.168.100.1 1

route lan 10.0.0.0 255.0.0.0 192.168.1.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

http server enable

http 192.168.22.0 255.255.255.0 inside

http 10.0.0.0 255.0.0.0 lan

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 192.168.22.0 255.255.255.0 inside

ssh 10.0.0.0 255.0.0.0 lan

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username admin password I54YI.lNurijhj50 encrypted privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Athoseb

148
Views
0
Helpful
0
Replies
CreatePlease to create content