cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
259
Views
0
Helpful
2
Replies

VPN PATing question

redrobish
Level 1
Level 1

Hi Guys,

Currently I've setup my ASA5505 with a point-point vpn for ip-phone and phone proxy in the same device. So all working well..

Now to mitigate a tftp issue w/ phone proxy, I've performed PAT on all outside traffic going inbound through the ASA. But whenever i do that, the other side cannot ping the inside ip of the other side. So I just PAT only the specific ip address of the phone using the phone proxy.

Now how can I PAT all outside traffic going inbound through the ASA but allow the ping reply from the other side?

hope that's clear enough!

my PAT:

PhoneProxyASA(config)# nat (outside) 55 0 0 outside

PhoneProxyASA(config)# global (inside) 55 interface

hope some one can help me...

Thanks

Robert

2 Replies 2

mchin345
Level 6
Level 6

If you want inside hosts to share a single public address for translation, use PAT. If the global statement specifies one address, that address is port translated. The PIX allows one port translation per interface and that translation supports up to 65,535 active xlate objects to the single global address.

Click this link in order to allow inside hosts access to outside networks with the use of PAT.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t2

No worry,

i just pat the subnet that is used by my phone proxy not all.

That fixed my issue...

Thanks for the post anyway.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: