12-05-2008 11:51 AM
Hi. i try to configure an static pat to get access to a polycom service.
Im trying to use a police nat but it doesnt work.
---
object-group service LIFESIZE-UDP udp
port-object range 60000 64900
port-object eq sip
object-group service LIFESIZE-TCP tcp
port-object eq h323
port-object range 60000 64999
port-object eq www
object-group service POLYCOM-TCP tcp
port-object eq h323
port-object range 3230 3270
object-group service POLYCOM-UDP udp
port-object range 3230 3253
access-list VIDEOCONFNATPORTS extended permit tcp host 10.1.1.7 object-group LIFESIZE-TCP interface outside object-group LIFESIZE-TCP
access-list VIDEOCONFNATPORTS extended permit udp host 10.1.1.7 object-group LIFESIZE-UDP interface outside object-group LIFESIZE-UDP
access-list VIDEOCONFNATPORTS extended permit tcp host 10.1.1.7 object-group POLYCOM-TCP interface outside object-group POLYCOM-TCP
access-list VIDEOCONFNATPORTS extended permit udp host 10.1.1.7 object-group POLYCOM-UDP interface outside object-group POLYCOM-UDP access-list VIDEOCONFNATPORTS extended permit tcp host 10.1.1.7 object-group LIFESIZE-TCP interface outside object-group LIFESIZE-TCP
access-list VIDEOCONFNATPORTS extended permit udp host 10.1.1.7 object-group LIFESIZE-UDP interface outside object-group LIFESIZE-UDP
access-list VIDEOCONFNATPORTS extended permit tcp host 10.1.1.7 object-group POLYCOM-TCP interface outside object-group POLYCOM-TCP
access-list VIDEOCONFNATPORTS extended permit udp host 10.1.1.7 object-group POLYCOM-UDP interface outside object-group POLYCOM-UDP
static (inside,outside) interface access-list VIDEOCONFNATPORTS
---
I try to modify this and change the order of inside and outside, and i try to made this only with one port only like a test to reduce the complex.
But im not sure if i can get control in a static pat for a range of ports.
Of if someone have any advise to make this please tell me.
Thanks a lot.
12-11-2008 02:31 PM
For VPN Gateways that run Cisco IOS Software Releases earlier than 12.2(13)T, the IPSec passthrough feature is needed on the router that performs PAT to allow Encapsulating Security Payload (ESP) through.
The following URL helps you in configuration:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide