ASA - Config for Cisco Expressway Dual Nic

rajaayman
Level 1

Hi All,

We are trying to configure Cisco Expressway-E with ASA.

Below is the topology:

topology.png

Here the ISP public IP is not static; it is a dynamic IP. For the SRV record we are able to manage with DDNS, but for the NAT option we are getting an issue with one-way calls.

Below is the config:

 

object network obj-ExpressWay-E
host 172.20.10.16

object service obj-udp_3478-3483
service udp source range 3478 3483

object service obj-udp_24000-29999
service udp source range 24000 29999

object service obj-udp_36002-59999
service udp source range 36002 59999

object service obj-tcp_5222
service tcp source eq 5222

object service obj-tcp_8443
service tcp source eq 8443

object service obj-tcp_5061
service tcp source eq 5061

object service obj-udp_5061
service udp source eq 5061

object service obj-tcp_5060
service tcp source eq 5060

object service obj-udp_5060
service udp source eq 5060

object service obj-udp_1719
service udp source eq 1719


object service obj-udp_2776
service udp source eq 2776

object service obj-tcp_2776
service tcp source eq 2776


object service obj-udp_1024
service udp source eq 1024


object service obj-udp_36000-36001
service udp source range 36000 36001

object service obj-udp_15000-19999
service udp source range 15000 19999


object service obj-tcp_15000-19999
service tcp source range 15000 19999

 


nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_3478-3483 obj-udp_3478-3483
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_24000-29999 obj-udp_24000-29999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_36002-59999 obj-udp_36002-59999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5222 obj-tcp_5222
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_8443 obj-tcp_8443
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5061 obj-tcp_5061
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_5061 obj-udp_5061

 

The access list was any any extended permit for TCP and UDP.

The issue is that while enabling NAT on the Expressway with the public IP, outside users with Jabber can call in; vice versa is not working, and Jabber to Jabber outside is also not working. I have attached the packet capture here too.

Please can anyone help?
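The configuration above defines more service objects than it publishes with nat statements. As an added example (not part of the original post), this Python sketch parses a constructed subset of that configuration and separates the service objects that a nat rule references from those that no rule references; the function names parse and audit are hypothetical.

```python
import re

# Constructed sample: a subset of the configuration posted above.
ASA_CONFIG = """\
object network obj-ExpressWay-E
host 172.20.10.16
object service obj-udp_3478-3483
service udp source range 3478 3483
object service obj-tcp_5061
service tcp source eq 5061
object service obj-tcp_5060
service tcp source eq 5060
object service obj-udp_36000-36001
service udp source range 36000 36001
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_3478-3483 obj-udp_3478-3483
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5061 obj-tcp_5061
"""

OBJ_RE = re.compile(r"^object service (\S+)$")
SVC_RE = re.compile(r"^service (tcp|udp) source (?:eq (\d+)|range (\d+) (\d+))$")
NAT_RE = re.compile(r"^nat \(\S+,\S+\) source static (\S+) \S+ service (\S+) (\S+)$")

def parse(config):
    """Return ({object: (proto, low, high)}, [(real_host, real_svc, mapped_svc)])."""
    services, nats, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := OBJ_RE.match(line):
            current = m[1]                      # next "service" line belongs to this object
        elif (m := SVC_RE.match(line)) and current:
            services[current] = (m[1], int(m[2] or m[3]), int(m[2] or m[4]))
        elif m := NAT_RE.match(line):
            nats.append((m[1], m[2], m[3]))
        else:
            current = None                      # any other line ends the object block
    return services, nats

def audit(config):
    """Split service objects into published (named in a nat rule) and unpublished."""
    services, nats = parse(config)
    used = {real_svc for _, real_svc, _ in nats}
    published = {n: p for n, p in services.items() if n in used}
    unpublished = {n: p for n, p in services.items() if n not in used}
    return published, unpublished

if __name__ == "__main__":
    for name, (proto, low, high) in audit(ASA_CONFIG)[1].items():
        print(f"no nat rule references {name} ({proto} {low}-{high})")
```

Running the same audit over the full posted configuration gives the complete list of ports that are defined but never forwarded, and the published list doubles as an inventory of what the firewall exposes.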

 

 

8 Replies

Muhammad Awais Khan
Cisco Employee

Hi,

 

Regarding Expressway-E, I remember you have to mention the public/NATed IP of Exp-E, which means a dynamic IP would not be an option here.

 

 

Hi,

Are you talking about the NAT IP that we set in Expressway-E, as on the screen below? Normally the dynamic IP will change once a month, or sometimes it will last longer; when it changes we can update it manually too.

2.png

But on the ASA side, do I need to point to that public IP?

Hi,

Yes, you have to specify the dynamic IP in the IPv4 static NAT address, and you can change it on a monthly basis.

My question here: the dynamic IP you are getting on your ASA, is it shared by other hosts also, or are only you getting it? Usually dynamic IPs are shared between multiple customers, and it varies from ISP to ISP.

To make sure, please check that your Expressway ports are open and reachable on your dynamic public IP by using any online tool, or you can use the one below.

https://www.yougetsignal.com/tools/open-ports/

Regarding the ASA, how are you getting the public IP? Can you please specify?

Dear Mr Muhammad,

Thank you for the update!

I am getting 1 public IP for me, and the required ports are open too on the ISP side.

The ISP connection terminates on a D-Link DSL router; from there I am doing port forwarding to the ASA. The result below is from Cisco Collab Solution Analyzer. For the remaining ports, I set up an FTP server, excluding the ASA: I kept the PC IP the same as the ASA IP and checked that I am able to reach the FTP server on all the different ports.

asa 1.png

Now with Expressway-E I can register the client on Expressway. If I keep the NAT IP as my public IP, I can make calls from Jabber to deskphone. Vice versa is not happening, and Jabber to Jabber calls are not happening either.

Below is the log:

* Jabber logs:

Call from 2002@192.168.1.11 to 3001@192.168.1.11 failed to connect.

Further information

Jabber received 200 OK from 31.15.11.248 but the last record route of the message points to 172.20.10.16.

Jabber therefore has raised an error saying that 172.20.10.16 is an unkown address.

 

 

Please advise.
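The analyzer finding quoted above, turned into a check, as an added example that is not part of the original post or of any Cisco tool: this Python sketch reads the Record-Route headers of a SIP response and flags a last hop that is a private address different from the peer that sent the packet. The SIP message is constructed; only 31.15.11.248 and 172.20.10.16 come from the log, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed SIP response; only the peer IP and the private address
# come from the analyzer output quoted above.
PEER_IP = "31.15.11.248"
SIP_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/TLS 192.168.1.50:5061;branch=z9hG4bK-constructed",
    "Record-Route: <sip:proxy-a@198.51.100.7:5061;transport=tls;lr>,"
    " <sip:proxy-b@172.20.10.16:5061;transport=tls;lr>",
    "From: <sip:2002@192.168.1.11>;tag=1",
    "To: <sip:3001@192.168.1.11>;tag=2",
    "Call-ID: constructed-call-id",
    "CSeq: 1 INVITE",
    "Content-Length: 0",
    "", "",
])

# Host part of a <sip:...> or <sips:...> URI, with optional user part and port.
URI_HOST = re.compile(r"<sips?:(?:[^@>]*@)?(\[[^\]]+\]|[^:;>]+)")

def record_route_hosts(message):
    """Return Record-Route URI hosts in the order they appear in the message."""
    hosts = []
    head = message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "record-route":
            hosts.extend(URI_HOST.findall(value))  # a header may list several URIs
    return hosts

def check_last_record_route(message, peer_ip):
    """Describe the last Record-Route hop: is it private, does it match the peer?"""
    hosts = record_route_hosts(message)
    if not hosts:
        return None
    last = hosts[-1].strip("[]")
    try:
        private = ipaddress.ip_address(last).is_private
    except ValueError:                           # host is a DNS name, not an IP
        private = False
    return {"last_hop": last, "private": private, "matches_peer": last == peer_ip}

if __name__ == "__main__":
    print(check_last_record_route(SIP_200_OK, PEER_IP))
```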

 

 

I suspect it to be more of a routing issue. Did you define static routes in Expressway-E for LAN1? Also, if I am not wrong, your default gateway is pointed to LAN 2, right?

No static route for LAN 1; for LAN 2 I have pointed the default gateway.

 

I am not sure about your deployment, but you may need to add some routes pointed to LAN 1 for your internal subnets and services.

Ref:

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X12-5-4.pdf

Also, I advise you to move this topic to the Collaboration community, as this is more likely to be an issue related to Expressway.

Hi,

I have a post on the IPT side also. I had a doubt on the ASA side, so I created a discussion. As there is nothing on the ASA side, I will check on that post.

Thank you for your time.

 
