11-23-2005 05:20 AM - edited 02-21-2020 12:32 AM
I have a 501 off a Comcast cable connection. I currently have 1 NAT only for FTP to a single server.
Vonage specifies that I must open the following to its phone device:
SIP ports 5060 through 5061 using UDP protocol
NTP port 123 using UDP protocol
TFTP port 69 using UDP protocol
DNS port 53 using UDP protocol
RTP ports 10,000 through 20,000 using UDP protocol
What is the simplest way to NAT port ranges (i.e. RTP 10,000-20,000)? Surely I cannot create 10,000 static entries.
11-23-2005 10:25 AM
A range can't be specified in static, so we need to see if a workaround can be applied.
Do you have the IP address of the Vonage servers?
I think we can use policy static,
e.g.
access-list 100 deny tcp host yourftpserver any eq ftp
access-list 100 permit udp host yourvonage range 5050 5061 any
access-list 100 permit udp host yourvonage range 10000 20000 any
access-list 100 permit udp host eq 69 yourvonage any
access-list 100 permit udp host yourvonage eq 123 any
access-list 100 permit udp host yourvonage eq 53 any
static (inside,outside) publicip privateip access-list 100
thanks
Nadeem
11-23-2005 11:42 AM
Thanks for the reply.
How come UDP 69 is on the source rather than the target like the rest of them?
Also, this is on a cable modem so it's a dynamic outside IP. Should I just add the remaining access-list entries to the existing ACL?
11-23-2005 12:46 PM
This access-list is for static translation, not for access-group application.
I think it should work as it is.
11-23-2005 01:34 PM
Since the PIX is behind a cable modem, it will have to NAT to the outside interface address.
How do I make this change?
Currently I have this for my FTP server:
static (inside,outside) tcp interface ftp 192.168.151.10 ftp netmask 255.255.255.255 0 0
which would be easy to replicate if I didn't have large port ranges.
Any advice?
11-23-2005 02:08 PM
Leave the first static as it is and add the other static like this:
static (inside,outside) interface
11-23-2005 02:15 PM
This causes the following message, which disables my connectivity as well:
WARNING: mapped-address conflict with existing static
tcp from inside:192.168.151.10/21 to outside:192.168.15.100/21 netmask 255.255.255.255