HI All
we are tying to configure cisco EXpressway E with ASA
below is the topology
Here the ISP public ip is not static it is a dynanic ip for the SRV record able to manage with DDNS bit for the nat option getting issue with the one way call
below is the config
object network obj-ExpressWay-E
host 172.20.10.16
object service obj-udp_3478-3483
service udp source range 3478 3483
object service obj-udp_24000-29999
service udp source range 24000 29999
object service obj-udp_36002-59999
service udp source range 36002 59999
object service obj-tcp_5222
service tcp source eq 5222
object service obj-tcp_8443
service tcp source eq 8443
object service obj-tcp_5061
service tcp source eq 5061
object service obj-udp_5061
service udp source eq 5061
object service obj-tcp_5060
service tcp source eq 5060
object service obj-udp_5060
service udp source eq 5060
object service obj-udp_1719
service udp source eq 1719
object service obj-udp_2776
service udp source eq 2776
object service obj-tcp_2776
service tcp source eq 2776
object service obj-udp_1024
service udp source eq 1024
object service obj-udp_36000-36001
service udp source range 36000 36001
object service obj-udp_15000-19999
service udp source range 15000 19999
object service obj-tcp_15000-19999
service tcp source range 15000 19999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_3478-3483 obj-udp_3478-3483
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_24000-29999 obj-udp_24000-29999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_36002-59999 obj-udp_36002-59999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5222 obj-tcp_5222
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_8443 obj-tcp_8443
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5061 obj-tcp_5061
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_5061 obj-udp_5061
access list was any any extended permit for tcp and upd
the issue is while enabling the NAT on express way with the public ip from out side users with jabber can call in vise versa is not working and jabber to jabber out die is also not working . i have attached the packet capture too here
Please can any one help
HI
are you telling about the nat ip what we mark in Express E ash on the below screen as normally the Dynamic ip will change once in a month or some time it will go more whenit is getting changed we can update manual too
But in the asa side do i need to point that public ip ?
Dear Mr
Thank you for the update !!
i am getting 1 public ip for me and the required ports are open too in isp side
isp connection is terminating on DSL dlink router from there i am doing port forwarding to asa the below result is from cisco collab solution analyzer and the remaining ports i have setup a ftp server excluding asa i keept the pc ip as asa ip and checked i am able to reach the ftp server with all the different ports .
Now with expressway-E i can register the client on express way if i keep the nat ip as my piblic ip i can make calls from jabber to deskphone .vise versa is not happening and jabber to jabber call is not happening too
Below is the log
* Jabber logs:
Call from 2002@192.168.1.11 to 3001@192.168.1.11 failed to connect.
Further information
Jabber received 200 OK from 31.15.11.248 but the last record route of the message points to 172.20.10.16.
Jabber therefore has raised an error saying that 172.20.10.16 is an unkown address.
Please advise .
