Cisco Support Community
Community Member

VPN PATing question

Hi Guys,

Currently I've setup my ASA5505 with a point-point vpn for ip-phone and phone proxy in the same device. So all working well..

Now to mitigate a tftp issue w/ phone proxy, I've performed PAT on all outside traffic going inbound through the ASA. But whenever i do that, the other side cannot ping the inside ip of the other side. So I just PAT only the specific ip address of the phone using the phone proxy.

Now how can I PAT all outside traffic going inbound through the ASA but allow the ping reply from the other side?

hope that's clear enough!

my PAT:

PhoneProxyASA(config)# nat (outside) 55 0 0 outside

PhoneProxyASA(config)# global (inside) 55 interface

hope some one can help me...




Re: VPN PATing question

If you want inside hosts to share a single public address for translation, use PAT. If the global statement specifies one address, that address is port translated. The PIX allows one port translation per interface and that translation supports up to 65,535 active xlate objects to the single global address.

Click this link in order to allow inside hosts access to outside networks with the use of PAT.

Community Member

Re: VPN PATing question

No worry,

i just pat the subnet that is used by my phone proxy not all.

That fixed my issue...

Thanks for the post anyway.

CreatePlease to create content