
Talking to a Xlated Address from a device behind the firewall? Hairpin?

stownsend
Level 2

We have an ASA 5510 8.3(2)

We need a device (PBX) behind the firewall to be able to communicate with a device (PolyCom) that is also behind the firewall, but using the device's dynamically allocated xlated address.

 

PBX -> 10.0.0.10 -> ASA -> Fixed Public IP

PolyCom -> 10.0.0.11 -> ASA -> NAT Pool IP

 

I need 10.0.0.10 to talk out the ASA to a NAT Pool IP.

 

The PolyCom phone makes a SIP connection to the SIP trunk provider. Then, if I call a number on our PBX, the PBX answers, and the audio of the call is handed to the clients to communicate directly without a middle-man. So they don't know at the time the call is placed that the call is to a device that is internal.

 

 

4 Replies

Vibhor Amrodia
Cisco Employee

Hi,

If you want the local subnet to communicate with the NATted IP on the ASA device, you can use a NAT statement for it.

Now, the challenge is the NATted IP.

You can use something like this and that should work:-

nat (inside,inside) source static <users> interface dest static <NATTED-IP> <LOCAL-IP>

Thanks and Regards,

Vibhor Amrodia

Thank you for your reply.

I'm not sure I understand which IPs I need where.

 

PBX has a Static IP Internally and Externally

  10.0.0.10 Internal

  192.168.1.10 External

 

Polycom has dynamic internal and external. I could static the internal IP.

  10.0.0.150-10.0.0.250  Internal   (10.0.0.251 Internal Static)

  192.168.1.3 (PAT) External

   192.168.1.50-100 (NAT POOL) External

 

So you are saying I could do something like?

nat (inside,inside) source static 10.0.0.251 interface dest static 192.168.1.3

nat (inside,inside) source static 10.0.0.251 interface dest static <NAT-POOL>


I'm getting the following in my syslog:

%ASA-7-710005: UDP request discarded from 10.0.0.10/49154 to inside:192.168.1.3(unresolved)/2228

I've added:

access-list outside_access_in extended permit udp host 10.0.0.10 host 192.168.1.3

Though that didn't seem to help.
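
Added example, not part of the original thread: a Python filter that picks %ASA-7-710005 discards like the one quoted above out of a syslog stream and counts those where an inside host was sending to one of the mapped addresses through the inside interface, which is the traffic this thread is trying to hairpin. The inside subnet and mapped ranges are the ones given in the thread; the function names and every sample line after the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Addresses taken from the thread; adjust for another site.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")
MAPPED_RANGES = [                       # (first, last) mapped/external addresses
    ("192.168.1.3", "192.168.1.3"),     # PAT address
    ("192.168.1.10", "192.168.1.10"),   # PBX static mapping
    ("192.168.1.50", "192.168.1.100"),  # NAT pool
]

# 710005 layout: "<proto> request discarded from src/sport to ifc:dst/dport".
# The "(unresolved)" tag after the destination, seen in the thread, is optional.
MSG_710005 = re.compile(
    r"%ASA-7-710005: (?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>[\d.]+)/\d+ to "
    r"(?P<ifc>[^:\s]+):(?P<dst>[\d.]+)(?:\([^)]*\))?/\S+"
)

def is_mapped(addr):
    """True if addr falls inside one of the mapped (translated) ranges."""
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for lo, hi in MAPPED_RANGES)

def hairpin_candidates(lines, inside_ifc="inside"):
    """Count 710005 discards where an inside host targeted a mapped address."""
    hits = Counter()
    for line in lines:
        m = MSG_710005.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if m["ifc"] == inside_ifc and src in INSIDE_NET and is_mapped(dst):
            hits[(str(src), str(dst), m["proto"])] += 1
    return hits

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "%ASA-7-710005: UDP request discarded from 10.0.0.10/49154 to inside:192.168.1.3(unresolved)/2228",
    "%ASA-7-710005: UDP request discarded from 10.0.0.10/49156 to inside:192.168.1.3(unresolved)/2230",
    "%ASA-7-710005: UDP request discarded from 10.0.0.10/49158 to inside:192.168.1.77/2232",
    "%ASA-7-710005: UDP request discarded from 10.0.0.23/137 to inside:10.0.0.255/137",
    "%ASA-7-710005: TCP request discarded from 203.0.113.9/40112 to outside:192.168.1.3/23",
]

if __name__ == "__main__":
    for (src, dst, proto), n in hairpin_candidates(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst} ({proto}): {n} discarded on inside")
```

The broadcast line and the outside-interface line are deliberately ignored, so only inside-to-mapped flows are reported.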

 

Hi,

So, I will assume this IP information:-

LAN Users:- 10.0.0.0/24

Internal Server:- 10.0.0.34

NATTED IP:- 2.2.2.2/32

object network obj-10.0.0.0

subnet 10.0.0.0 255.255.255.0

object network obj-2.2.2.2

host 2.2.2.2

object network obj-10.0.0.34

host 10.0.0.34

nat (inside,inside) source static obj-10.0.0.0 interface dest static obj-2.2.2.2 obj-10.0.0.34

By this, every user on the LAN [10.0.0.0/24] will be able to access the IP 2.2.2.2 and will be redirected to the internal server instead of going out through the default gateway.

Thanks and Regards,

Vibhor Amrodia
