cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

124
Views
0
Helpful
2
Replies
Beginner

VPN PATing question

Hi Guys,

Currently I've setup my ASA5505 with a point-point vpn for ip-phone and phone proxy in the same device. So all working well..

Now to mitigate a tftp issue w/ phone proxy, I've performed PAT on all outside traffic going inbound through the ASA. But whenever i do that, the other side cannot ping the inside ip of the other side. So I just PAT only the specific ip address of the phone using the phone proxy.

Now how can I PAT all outside traffic going inbound through the ASA but allow the ping reply from the other side?

hope that's clear enough!

my PAT:

PhoneProxyASA(config)# nat (outside) 55 0 0 outside

PhoneProxyASA(config)# global (inside) 55 interface

hope some one can help me...

Thanks

Robert

2 REPLIES 2
Highlighted
Frequent Contributor

Re: VPN PATing question

If you want inside hosts to share a single public address for translation, use PAT. If the global statement specifies one address, that address is port translated. The PIX allows one port translation per interface and that translation supports up to 65,535 active xlate objects to the single global address.

Click this link in order to allow inside hosts access to outside networks with the use of PAT.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t2

Beginner

Re: VPN PATing question

No worry,

i just pat the subnet that is used by my phone proxy not all.

That fixed my issue...

Thanks for the post anyway.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here