[cisco-voip] ASA Firewall NAT Configuration for Expressway Traversal
Dana Tong
Dana_Tong at bridgepoint.com.au
Tue Jan 27 16:32:02 EST 2015
All good now thanks. Had to come to terms with ASA 8.4 NAT and had a slight misconfig on the Expressway C. (ie my C needed to communicate with the NAT’d Public address on the E for the traversal zone).
Cheer
From: Charles Goldsmith [mailto:wokka at justfamily.org]
Sent: Friday, 23 January 2015 6:42 AM
To: Dana Tong
Cc: cisco-voip at puck.nether.net (cisco-voip at puck.nether.net)
Subject: Re: [cisco-voip] ASA Firewall NAT Configuration for Expressway Traversal
Dana, the deployment guide talks about a single nic and nat reflection, look at the firewall section of http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-5/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-5.pdf
Depending on your network layout, this could be causing your issue.
On Wed, Jan 21, 2015 at 3:47 PM, Dana Tong <Dana_Tong at bridgepoint.com.au<mailto:Dana_Tong at bridgepoint.com.au>> wrote:
Hi all,
I’ve configured my Expressway C & for traversal but I appear to be having an issue on my firewall.
I believe I’ve configured the Firewall OK but I am still receiving an error. Packet-tracer however shows that the flow should be allowed.
Inbound and outbound calls ring on the VC units but when the call is answered there is no video received in each direction.
The NAT is below, I have an ACL to allow the ports in the firewall guide.
object network Expressway-EDGE_Private
host 192.168.a.b
description Real IP of Expressway EDGE
object network Expressway-EDGE_Public
host 161.x.y.z
description External Interface for Video Conferencing
nat (dmz,outside) source static Expressway-EDGE_Private Expressway-EDGE_Public
I was seeing the following error, but it doesn’t seem to be coming up anymore.
[cid:image001.png at 01D03ACC.83BAC820]
Thanks
Dana
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150127/8ab34fb5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 53295 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150127/8ab34fb5/attachment.png>
More information about the cisco-voip
mailing list