08-07-2018 02:38 PM - edited 02-21-2020 08:04 AM
The below does not work. Can't even ping the public address (.196). But if I change the test to make the source of the internal IP of the PBX an IP on vlan 1 (192.168.7.x) which is not sub-interfaced, I have no problems. Is this a 5506 bug or am I doing something wrong?
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 170.xx.xx.197 255.255.255.248
!
interface GigabitEthernet1/3
description To_HP_V1910-48G_Switch
nameif inside
security-level 100
ip address 192.168.7.254 255.255.255.0
!
interface GigabitEthernet1/3.3
vlan 3
nameif VOIP
security-level 100
ip address 192.168.9.1 255.255.255.0
object network Avaya_IP_PBX-PRI
host 192.168.9.11
object network Avaya_IP_PBX-PRI
nat (VOIP,outside) static 170.xx.xx.196
08-07-2018 04:26 PM
I am assuming that the connection between the ASA and switch on G1/3 is a trunk on the switch side. Are you tagging the traffic with vlan 3 on this trunk? Looks like untagged traffic (vlan1) is working fine so the port may be configured incorrectly on the switch.
08-08-2018 04:41 AM
So the interesting thing I probably should have mentioned with this is that once the NAT is in place, the SIP traffic flows fine. It is the RTP UDP traffic that fails. So although the PBX cannot be accessed on the internet from a ping standpoint, it is at least talking on TCP, which is odd.
08-08-2018 06:00 AM
I believe the issue is unidirectional traffic. I will have them check the switchport configs. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide