Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,
I realize there have been many posts about QoS on the ASA before, but I'm hoping to gain some further clarification/insight on a specific situation.
For starters, I have an ASA 5505 on 9.1(2) code. I have two VLANs configured (inside and out...
Hello,I am trying to configure zone based firewall (on a 2911 with the k9 security license) to pass VoIP traffic from my VoIP provider to an internal IP PBX (3CX) and vice versa. The way I have it setup currently is to permit all outgoing traffic fro...
Hi,I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in th...
Hello,I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-...
Hi,I am wondering if it is possible to run a dual ASA dual (active) ISP scenario. Here is what I have to work with-ASA 5510 Base-ASA 5505 Sec+-3560 L3 switch-Two separate ISPsWhat I would like to do is setup one ISP to run only voice traffic while th...
Hi,
I did end up figuring this out, though we no longer use this phone system... hopefully I can help you out anyway.
There were a few issues specific to my deployment / environment:
1. ZBF was blocking outgoing UDP traffic from my PBX
2. ZBF was ...
I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to. I have seen examples of people using route maps and ACLs to accomplish forwarding a range ports. I have yet to see official documentation...
Tagir,Unfortunately, my scenario isn't as straight forward as the branch office that you described. I have different users with differing needs. Some users will only need basic web and email access, others will be doing more demanding things, such as...
Thanks for the input.1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.2. Here's a little more info on the phone situa...
Hi Marius,Below is the new config. Note that I have changed NAT to use the default obj_any object to NAT the inside subnet. Also note that I haven't modified the ACL's in any way. I simply used the IPSEC Remote Access VPN Wizard to setup the VPN.Late...
