Solved: IP Phones and an ASA

bardellom · ‎09-04-2009

I will have an ASA5505 with IP phones on both the inside and outside interfaces. All subnets on either side of the firewall will be using a private IP address scheme and their will be no internet access available via this firewall. The question I have as to do with IP phones on the outside interface trying to communicate with phones on the inside interface of this firewall. Is there a way to allow calls that originate on the outside interface that are looking to communicate with IP phones on the inside interface without having to setup static translations for all IP phones on the inside interface?

Kureli Sankar · ‎09-06-2009

Yes. That is correct.

View solution in original post

Kureli Sankar · ‎09-05-2009

You can enable no nat-control

sh run all | i nat-control

or provide identity translation where the inside hosts will look like themselves when going to the outside.

example:

static (in,out) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

where the inside network is 10.10.10.0/24

bardellom · ‎09-06-2009

Kusankar,

Thanks for your response. To clarify, by turning NAT control off this will allow connections to originate on the outside and terminate on the inside providing:

â€¢ Appropriate routing is in place on either side of the firewall.

â€¢ ACL's are applied on the outside and inside interfaces to allow this traffic.

Kureli Sankar · ‎09-06-2009

Yes. That is correct.

bardellom · ‎09-07-2009

Thanks.