Source is anything out on the Internet (alternatively, you can create a network object or group with specific IP addresses or ranges).
Highlight “Access Rules” option.ħ.) Click on the “Add” option on the right side to add a new access rule and choose “add new access rule”Ĩ.) Choose Interface “Outside” because this is going to be a rule that applies to outside traffic traveling to the inside of the network. Click on “Configuration” at the top again and then click on “Firewall” down on the bottom menu again. In turn, the ASA will automatically translate inbound traffic from the outside static public IP specified from the outside interface to the inside interface destined for the internal IP specified.ĥ.) Now that has been done, click the “Apply” button at the bottomĦ.) Now, we need to add port forwarding rules for VoIP traffic. Then click “Ok.” Essentially, this tells the ASA to statically (always) translate traffic from inside interface from the inside IP of the VoIP system destined for the outside Interface to translate to the static public IP you specified. Select the “Use IP Address” option and specify an available static public IP from your ISP that you have not used in a NAT policy yet. The translated Interface is the outside interface. Once in the firewall section, highlight “NAT Rules”ģ.) Click on the “Add” option on the right side to add a new static NAT rule and choose “add new static NAT rule”Ĥ.) Original Interface is “inside” with a source that is the internal IP of the VoIP System. Click on “Configuration” at the top, then click on “Firewall” down on the bottom menu. So, let’s make it simple:Ģ.) First, we need to ensure a NAT policy exists for a Public IP to NAT to the internal IP of the VoIP system / server.
#CISCO 5505 ASA FIREWALL HOW TO#
So you have a client that has a VoIP system? They have remote users that need to be able to access the phone system from Internet / VPN? How do you configure an ASA to work with this type of a scenario? Or, even better, why isn’t your ASA configuration working to allow this? If you Google this and look at forums, you will find overly-complicated, convoluted tech-talk and people posting their specific Cisco configs for others to look through and help them with their specific issues as opposed to an easy-to-understand generic formula for how to accomplish this relatively common scenario.
0 kommentar(er)
