03-31-2015 10:00 AM - edited 03-11-2019 10:43 PM
Hi guys,
I'm trying to set up {as per our phone guys} a phone server in the DMZ. The requirement is to have a public address (from our outside scope /29) assigned to this server and it has to be public on the internet to sync with an external system. I tried to put it in a DMZ and have the traffic pass to it. I tried putting an IP on the DMZ interface and also without an address on the DMZ interface but neither works. I can see traffic coming in but nothing going back.
Is there a way to have the server have that public IP and be in the DMZ and not to be NATTed? If so or not then how? Any suggestions would be appreciated.
Thanks
Mike
03-31-2015 10:26 AM
Mike
Is the outside interface also using an IP from the /29?
If so then no you can't do this without breaking up the subnet or making the ASA transparent but you won't be able to do that really with DMZs etc.
You are either going to have to NAT it or break up your /29 into two /30s and use one of them for the DMZ interface and the other for the VOIP server.
But I suspect some of those IPs are already in use?
Edit - or obviously you could ask for another public IP block from your ISP.
Jon
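An added example, not part of the original thread: a feasibility check for the /29-to-two-/30s split suggested above, read here as one /30 staying on the outside interface and the other holding the DMZ interface plus the server. The addresses are constructed from the 203.0.113.0/24 documentation range, the function name `plan_split` is hypothetical, and the ISP is assumed to route the DMZ /30 to the outside address.

```python
import ipaddress

def plan_split(block, outside_ip, gateway_ip, in_use=()):
    """Plan splitting a /29 into an outside /30 and a DMZ /30.

    Returns both subnets, the DMZ interface and server addresses, and a
    list of problems that make the split unworkable as things stand.
    """
    net = ipaddress.ip_network(block)
    if net.prefixlen != 29:
        raise ValueError("expected a /29 block")
    outside = ipaddress.ip_address(outside_ip)
    gateway = ipaddress.ip_address(gateway_ip)
    if outside not in net:
        raise ValueError("outside interface is not in the block")

    halves = list(net.subnets(new_prefix=30))
    out_net = next(h for h in halves if outside in h)
    dmz_net = next(h for h in halves if h != out_net)
    # Splitting turns two former host addresses into network/broadcast ones.
    edges = {h.network_address for h in halves} | {h.broadcast_address for h in halves}

    problems = []
    if gateway not in out_net:
        problems.append(f"gateway {gateway} is outside {out_net}")
    for addr in (outside, gateway):
        if addr in edges:
            problems.append(f"{addr} becomes a network/broadcast address")
    for raw in in_use:
        addr = ipaddress.ip_address(raw)
        if addr in edges:
            problems.append(f"{addr} becomes a network/broadcast address")
        elif addr in dmz_net:
            problems.append(f"{addr} must move: it is in the DMZ /30 {dmz_net}")
        elif addr not in (outside, gateway):
            problems.append(f"{addr} has no free host slot in {out_net}")

    dmz_if, server = dmz_net.hosts()  # a /30 has exactly two usable hosts
    return {"outside": str(out_net), "dmz": str(dmz_net),
            "dmz_interface": str(dmz_if), "server": str(server),
            "problems": problems}

if __name__ == "__main__":
    # Constructed sample: outside .2, ISP gateway .1, .3 and .5 already in use.
    plan = plan_split("203.0.113.0/29", "203.0.113.2", "203.0.113.1",
                      in_use=["203.0.113.3", "203.0.113.5"])
    for key, value in plan.items():
        print(key, value)
```

A /29 has six usable host addresses but two /30s have only four between them, so any address already in use beyond the outside interface and the ISP gateway shows up in `problems`.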
03-31-2015 10:59 AM
Thanks for the quick reply Jon, we are using addresses from the /29 and yes the outside is in the /29.
The second subnet sounds familiar as that is what they had before the IP got changed by the ISP.
I did something earlier and did see traffic flowing back but it was always on port 0. I just can't pinpoint what I was doing at that time. I'm doing some more testing and hopefully someone else has some additional ideas.
Thanks
Mike