• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 407
  • Last Modified:

Cisco ASA 5505 - Trying to configure PAT rules correctly

I recently hired an oDesk sub to set Access Rules and configure static PAT settings (NAT) for incoming calls to our Polycom device.  His Access Rules (firewall holes) look good, but his PAT settings look wrong.

- Image 1 shows his effort at the PAT rule.  10.20.2.21 is the private static IP of the Polycom.
- Image 2 shows my effort to correct the same PAT rule.  63.227.23.XX is the static IP of the office.  (I hid the last octet.)

I'll be candid, I'm not a network guy.  My PAT rule may be wrong-headed as well.  Please be candid in your responses.

 


oDesk-PAT-Setting.png
jdana-PAT-Setting.png
0
jdana
Asked:
jdana
  • 2
  • 2
2 Solutions
 
dcj21Commented:
Yous is correct for an Incoming connection, but from only the one IP address. If you want anyone to connect, change the 64.x.x.x to any.

If that doent work, what messages are you getting in debug or monitor?
0
 
jdanaAuthor Commented:
dcj21,

64.x.x.x is the public IP of the firewall's outside interface.  This is based on a suggestion a consultant made to me about a year ago.  Your suggestion of "any" makes more sense to me.  Will they both work?

J
0
 
dcj21Commented:
When you say only allow 64.x.x.x you are telling the firewall to only allow traffic that originates from your outside interface. Only your ASA and any NAT'ed traffic from inside would have that address. Users on the internet will have a different IP address.

So if you want anyone on the internet to connect, use any. If there is a specific company, use their IP address.
0
 
jdanaAuthor Commented:
Thanks for the follow-up.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now