Cisco ASA FW with VCS Expressway

bluesea2010 · ‎01-04-2018

Hi,

Vcs expressway edge with two nic's

one in the dmz and the other in the voice vlan .

Is it a valid configuration ?

Second thing , What type of NAT required ?

Any examples

Thanks

Debayan Chowdhury · ‎01-04-2018

Yes the configuration is correct.

Static NAT should be configured for the IP address on DMZ.

bluesea2010 · ‎01-05-2018

Hi,

The below design is validated design ( topology is below )

As you said the below nat statement is enough ?

object network obj-192.168.3.10
host 192.168.3.10
!

object network obj-192.168.3.10
nat (DMZ,Outside) static 5.5.5.5

Thanks

Patrick Sparkman · ‎01-04-2018

Configuration for a VCS-C/E is covered in the VCS Configuration Guides, look at the Basic Configuration (Control with Expressway) Deployment Guide, look at Appendix 3 (Firewall and NAT Settings) and 4 (Advanced Network Deployments).

bluesea2010 · ‎01-05-2018

Hi,

Cisco recommend the below .

What if I have the below topology

PJMack · ‎01-05-2018

Your drawing looks fine, but you need to configure NIC2 so the E knows the NAT configuration (it embeds the public address in the SIP/H.323 messaging), and also you need to set routes. NIC2 should be your default route, but set static route(s) for your internal traffic to use NIC1. Refer to the documents that Patrick mentioned, it's all in there.