Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
10
Helpful
7
Replies

Static NAT issue (outside to inside)

Go to solution
Patts
Level 1
Level 1

‎10-27-2022 07:24 PM

Hi, need help on my CME-PABX that's connect to the external SIP server for external calls. The external SIP server is pointing to public ip (202.x.x.1) as per diagram below. I need to map this to our CME (10.10.130.1) in order to reach the external SIP server. I believed my issue is more on the NAT translation. Let me know the correct NAT setup considering the ISR4321 and ASA Firewall as per diagram.

Thanks much.

Pat

Patts_0-1666923338233.png

 

Preview file
437 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to Patts

‎10-28-2022 03:05 AM - edited ‎10-28-2022 03:14 AM

 

ASA-Router Subnet
use one IP from this Subnet and config static NAT in ASA 
use this IP in router also to static NAT to WAN interface IP

View solution in original post

7 Replies 7

Go to solution
Patts
Level 1
Level 1

‎10-28-2022 02:03 AM

Just to summarize my issue above, I just need to configure ISR4321 to translate public IP 202.x.x.1 to the private IP in the inside which is CME 1010.130.1. Meaning public IP 202.x.x.1 should be able to translate to 10.10.130.1 which will use for SIP connectivity from the external SIP server to the CME. 

Let me know if I can add "ip nat outside source static 202.x.x.1 10.10.130.1" without affecting my current configuration. Or let me know other way to do.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Patts

‎10-28-2022 02:23 AM - edited ‎10-28-2022 02:23 AM

NAT (voice,outside) real IP-ASA mapped IP-ASA

ip nat inside static source mapped IP-ASA mapped IP-Router 

this make server access from Internet 

0 Helpful

Go to solution
Patts
Level 1
Level 1
In response to MHM Cisco World

‎10-28-2022 02:56 AM

Thanks for your inputs @MHM Cisco World 

Can you just confirm that I can still retain this below NAT overload for my internet access? 

ip nat inside source list 10 interface GigabitEthernet0/0/0 overload

0 Helpful

Go to solution
Patts
Level 1
Level 1
In response to MHM Cisco World

‎10-28-2022 03:00 AM

I forgot to ask both NAT setup above I'll need to do in Firewall and Router right? Thanks

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Patts

‎10-28-2022 03:05 AM - edited ‎10-28-2022 03:14 AM

 

ASA-Router Subnet
use one IP from this Subnet and config static NAT in ASA 
use this IP in router also to static NAT to WAN interface IP

Go to solution
Patts
Level 1
Level 1
In response to MHM Cisco World

‎10-31-2022 01:29 AM

Hi, can you confirm the NAT in the ASA is Manual or Auto NAT? Thanks

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Patts

‎10-31-2022 02:51 AM

manual NAT why? because we have dynamic NAT (auto) and we need FW to check static NAT before dynamic NAT so we need to config new static NAT as manual this put new NAT above dynamic and make FW check static NAT before dynamic NAT.
images.png

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card