UsharaniDavuluri
asked on
Cisco ASA 5510 Firewall port forwarding for 5060 VoIP
Hi,
here is my configuration file. I have been trying to open port 5060 and forward it to an internal IP. Please help me with proper instructions please. ASA version is 8.2 and ASDM vertion is 6.2.
Thanks,
Usha
My-Firewall(config)# show running
: Saved
:
ASA Version 8.2(1)
!
hostname My-Firewall
domain-name xxxxx.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.x 255.255.255.240
!
interface Ethernet0/1
nameif Phone
security-level 80
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
nameif Data
security-level 90
ip address 192.168.101.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
security-level 10
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
dns server-group Default DNS
domain-name xxxxx.com
pager lines 24
logging asdm informational
mtu Outside 1500
mtu Phone 1500
mtu Data 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
global (Phone) 1 interface
nat (Phone) 1 0.0.0.0 0.0.0.0
nat (Data) 1 0.0.0.0 0.0.0.0
nat (management) 101 0.0.0.0 0.0.0.0
route Outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Outside 0.0.0.0 255.255.255.240 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-reco rd DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 8.8.8.8 8.8.4.4 interface management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:398862d499a 48bbbe3dd2 0ae09110a3 e
: end
here is my configuration file. I have been trying to open port 5060 and forward it to an internal IP. Please help me with proper instructions please. ASA version is 8.2 and ASDM vertion is 6.2.
Thanks,
Usha
My-Firewall(config)# show running
: Saved
:
ASA Version 8.2(1)
!
hostname My-Firewall
domain-name xxxxx.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.x 255.255.255.240
!
interface Ethernet0/1
nameif Phone
security-level 80
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
nameif Data
security-level 90
ip address 192.168.101.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
security-level 10
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
dns server-group Default DNS
domain-name xxxxx.com
pager lines 24
logging asdm informational
mtu Outside 1500
mtu Phone 1500
mtu Data 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
global (Phone) 1 interface
nat (Phone) 1 0.0.0.0 0.0.0.0
nat (Data) 1 0.0.0.0 0.0.0.0
nat (management) 101 0.0.0.0 0.0.0.0
route Outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Outside 0.0.0.0 255.255.255.240 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-reco
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 8.8.8.8 8.8.4.4 interface management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:398862d499a
: end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@Kvistofta: Good one. Now why did I forget that?
@Kvistofta: Never mind, just looked at your profile :-~
what is the ip address of mitel device?