dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
reply to fcisler

Re: static NAT with ASA5505

the problem isn't an asa/security problem -- its a routing problem.

since your 'voip' device doesn't have a default gateway -- it has no knowledge of the other networks -- and doesn't know who to send traffic to in the result of an external network.
you're on the right road to nat -- but you've put the nat in a nat0 statement (nat exempt). you'll need to define a nat pool to dynamically nat your inside net to a 10.10.200.0/24 ip address -- which will allow standard 'arp' constructs to provide reachability via layer-2.

regards,
q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


fcisler
Premium
join:2004-06-14
Riverhead, NY
thank you for the help. I understand this is a routing problem, which is why I have approached this with NAT.

Could you possible give me an example command?


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
something like

nat (inside) 1 192.168.2.0 255.255.255.0
global (edge) 1 10.10.200.10-109
 

should get you close.[0]
admittedly -- my asa-fu has gotten weaker.

[0] »www.cisco.com/en/US/docs/securit···mic.html

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."