Cisco Support Community
New Member

Pix 501 w/ Vonage

I have a 501 off a Comcast cable connection. I currently have 1 NAT only for FTP to a single server.

Vonage specifies that I must open the following to its phone device:

SIP ports 5060 through 5061 using UDP protocol

NTP port 123 using UDP protocol

TFTP port 69 using UDP protocol

DNS port 53 using UDP protocol

RTP ports 10,000 through 20,000 using UDP protocol

What is the simplest way to NAT port ranges (e.g. RTP 10,000-20,000)? Surely I cannot create 10,000 static entries.

6 REPLIES
Cisco Employee

Re: Pix 501 w/ Vonage

A range can't be specified in a static, so we need to see if a workaround can be applied.

Do you have the IP address of the Vonage servers?

I think we can use a policy static

e.g.

access-list 100 deny tcp host yourftpserver any eq ftp

access-list 100 permit udp host yourvonage range 5050 5061 any

access-list 100 permit udp host yourvonage range 10000 20000 any

access-list 100 permit udp host eq 69 yourvonage any

access-list 100 permit udp host yourvonage eq 123 any

access-list 100 permit udp host yourvonage eq 53 any

static (inside,outside) publicip privateip access-list 100

thanks

Nadeem

New Member

Re: Pix 501 w/ Vonage

Thanks for the reply.

How come UDP 69 is on the source rather than the target like the rest of them?

Also, this is on a cable modem so it's a dynamic outside IP. Should I just add the remaining access-list entries to the existing ACL?

Cisco Employee

Re: Pix 501 w/ Vonage

This access-list is for static translation, not for access-group application.

I think it should work as it is.

New Member

Re: Pix 501 w/ Vonage

Since the PIX is behind a cable modem, it would have to NAT to the outside interface address.

How do I make this change?

Currently I have this for my FTP server:

static (inside,outside) tcp interface ftp 192.168.151.10 ftp netmask 255.255.255.255 0 0

which would be easy to replicate if I didn't have large port ranges.

Any advice?

Cisco Employee

Re: Pix 501 w/ Vonage

Leave the first static as it is and add the other static like this:

static (inside,outside) interface access-list 100

New Member

Re: Pix 501 w/ Vonage

Causes this message, which disables my connectivity as well:

WARNING: mapped-address conflict with existing static

tcp from inside:192.168.151.10/21 to outside:192.168.15.100/21 netmask 255.255.255.255
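
The overlap behind the warning in the last post can be caught before a line is pasted into the firewall. The following is an added example, not code from the thread or from Cisco: a simplified model that flags two `static` lines claiming the same mapped address on one interface when at least one of them takes the whole address. It parses only the `static` forms quoted in this thread and is not the PIX's own checking logic.

```python
import re

# Constructed sample: the two static lines quoted in the thread.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface ftp 192.168.151.10 ftp netmask 255.255.255.255 0 0
static (inside,outside) interface access-list 100
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\)\s+(\S.*)$")

def parse_static(line):
    """Return a dict describing one `static` line, or None if it is not one."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    _real_if, mapped_if, rest = m.groups()
    tok = rest.split()
    if tok[0] in ("tcp", "udp") and len(tok) >= 3:
        # Port redirection: proto mapped_ip mapped_port real_ip real_port ...
        return {"kind": "port", "iface": mapped_if, "proto": tok[0],
                "mapped": tok[1], "port": tok[2], "line": line.strip()}
    if len(tok) >= 3 and tok[1] == "access-list":
        # Policy static: mapped_ip access-list <id>
        return {"kind": "policy", "iface": mapped_if, "mapped": tok[0],
                "acl": tok[2], "line": line.strip()}
    # Plain one-to-one static: mapped_ip real_ip ...
    return {"kind": "host", "iface": mapped_if, "mapped": tok[0],
            "line": line.strip()}

def find_conflicts(config):
    """Pair up statics that share a mapped address on one interface where
    at least one of them maps the whole address rather than a single port."""
    entries = [e for e in map(parse_static, config.splitlines()) if e]
    conflicts = []
    for i, a in enumerate(entries):
        for b in entries[i + 1:]:
            same_target = (a["iface"], a["mapped"]) == (b["iface"], b["mapped"])
            whole_address = a["kind"] != "port" or b["kind"] != "port"
            if same_target and whole_address:
                conflicts.append((a["line"], b["line"]))
    return conflicts

if __name__ == "__main__":
    for first, second in find_conflicts(SAMPLE_CONFIG):
        print("mapped-address conflict:\n  " + first + "\n  " + second)
```
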
