ASA and NETUX2000

DivZ
Level 1

Hi,

I am working on configuring ASA to connect to a device called NETUX2000. This is for VoIP traffic. The n/w design is:

SIP Trunks <-Internet router -> ASA -> Netux -> Switch

This is just two ports of ASA but other ports are connected to diff ISP and also to local LAN, which is not a problem as they are separated.

Internet router(outside) - 123.x.x.1, 2,3, 4, 5

Internet router (Inside)  - 172.30.x.1

ASA(outside) - 172.30.x.2

ASA(inside) - 172.20.x.1

Netux - 172.20.x.2

For this to work,

I created static routes to 123.x.x.1,2,3,4,5 on ASA

I permitted SIP ports inside of ASA and outside (connecting) Netux with respective source and destination.

No natting

Now, the problem is that NETUX (linux box) physical interface connecting to ASA, has two logical IPs, one is the one we configured and other is 123.x.x.6.

The other logical IP, 123.x.x.6, is given by the internet router, which has to be configured as the internet router sends the destination IP (dest calls) to this IP address.

Source IP : 123.x.x.1,2,3,4,5/172.30.x.1, destination-123.x.x.6.

As of now, they are directly connected. I have requested the config of the internet router but wanted to check if it's possible anyway to route traffic to diff subnets connected to one physical interface through ASA?

I am not sure if this is possible.

Any help is appreciated. Thanks.

Accepted Solutions

Jennifer Halim
Cisco Employee

Traffic, if it is passing through the ASA, needs to go in and out the same interface on the ASA, otherwise it will be dropped due to asymmetric routing.

If your internet router supports NAT and does SIP inspection, then you should be able to perform NATing on the Internet router, and just have 1 NIC or IP address on Netux device.

2 Replies

Hi Jennifer,

Thanks so much for your reply. I have requested the internet router to do the NATing. He has agreed to it; I will update when it's working.
