Solved

Cisco ASA 5505 - Trying to configure PAT rules correctly

Posted on 2011-09-25
Last Modified: 2012-05-12
I recently hired an oDesk sub to set Access Rules and configure static PAT settings (NAT) for incoming calls to our Polycom device.  His Access Rules (firewall holes) look good, but his PAT settings look wrong.

- Image 1 shows his effort at the PAT rule.  10.20.2.21 is the private static IP of the Polycom.
- Image 2 shows my effort to correct the same PAT rule.  63.227.23.XX is the static IP of the office.  (I hid the last octet.)

I'll be candid, I'm not a network guy.  My PAT rule may be wrong-headed as well.  Please be candid in your responses.

 


oDesk-PAT-Setting.png
jdana-PAT-Setting.png
Question by:jdana
4 Comments
 

Accepted Solution

by:dcj21
dcj21 earned 500 total points
ID: 36596887
Yours is correct for an incoming connection, but from only the one IP address. If you want anyone to connect, change the 64.x.x.x to any.

If that doesn't work, what messages are you getting in debug or monitor?
 

Author Comment

by:jdana
ID: 36717048
dcj21,

64.x.x.x is the public IP of the firewall's outside interface.  This is based on a suggestion a consultant made to me about a year ago.  Your suggestion of "any" makes more sense to me.  Will they both work?

J
 

Assisted Solution

by:dcj21
dcj21 earned 500 total points
ID: 36717270
When you say only allow 64.x.x.x you are telling the firewall to only allow traffic that originates from your outside interface. Only your ASA and any NAT'ed traffic from inside would have that address. Users on the internet will have a different IP address.

So if you want anyone on the internet to connect, use any. If there is a specific company, use their IP address.
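The source-matching behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation that compares the three source choices (outside interface address, any, one partner host) for an inbound connection. The ACL name, the documentation-range addresses and TCP port 1720 are constructed assumptions (the thread does not list ports), the destination is written as the real address in ASA 8.3+ style, and only 10.20.2.21 comes from the question.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one ASA address spec: 'any', 'host A' or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
        raise ValueError(f"unsupported entry: {line}")
    src, rest = parse_addr(t[5:])
    dst, rest = parse_addr(rest)
    port = rest[1] if rest[:1] == ["eq"] else None
    return {"action": t[3], "proto": t[4], "src": src, "dst": dst, "port": port}

def evaluate(acl, src_ip, dst_ip, proto, port):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in map(parse_ace, acl):
        if (ace["proto"] in (proto, "ip") and src in ace["src"]
                and dst in ace["dst"] and ace["port"] in (None, str(port))):
            return ace["action"]
    return "deny"

# Constructed sample data (assumptions, not taken from the thread's screenshots):
OUTSIDE_IF = "203.0.113.10"   # stand-in for the firewall's public outside address
POLYCOM = "10.20.2.21"        # private address from the question
CALLER = "198.51.100.77"      # arbitrary Internet caller
PARTNER = "192.0.2.50"        # one known partner site
RULE = "access-list outside_in extended permit tcp {src} host " + POLYCOM + " eq 1720"
ACLS = {
    "source = outside interface": [RULE.format(src="host " + OUTSIDE_IF)],
    "source = any": [RULE.format(src="any")],
    "source = partner": [RULE.format(src="host " + PARTNER)],
}

def verdicts(client):
    """Verdict per ACL variant for an inbound TCP/1720 connection from client."""
    return {name: evaluate(acl, client, POLYCOM, "tcp", 1720) for name, acl in ACLS.items()}

if __name__ == "__main__":
    for who in (CALLER, PARTNER):
        print(who, verdicts(who))
```

The model covers ACL source matching only; it does not simulate the static PAT translation itself.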
 

Author Closing Comment

by:jdana
ID: 36720096
Thanks for the follow-up.

Question has a verified solution.
