Author Topic: Teleworker 1:1NAT through Cisco ASA5505  (Read 11566 times)

Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
Re: Teleworker 1:1NAT through Cisco ASA5505
« Reply #15 on: January 15, 2014, 10:14:51 AM »
SteAnnesIT,

Sorry I haven't programmed one in a year or so now, but the Static NAT is the way to go and I believe from the little I read you are trying to use Dynamic NAT instead.

I don't see many differences here in the concepts between the two documents so the path I provided should still work, but the syntax may need to change a little. Did you try to set it up as a Static NAT to see if it would work?

Thanks,

Steven


Offline SteAnnesIT

  • Jr. Member
  • **
  • Posts: 38
  • Karma: +0/-0
Re: Teleworker 1:1NAT through Cisco ASA5505
« Reply #16 on: January 15, 2014, 11:05:02 AM »
This same syntax works for all of my dedicated servers, email, web, vpn.

Define the IP address of telework_in (the private IP address)

Code:
object network telework_in
 host 192.168.35.11

Define the IP address of telework_out (the public IP address)

Code:
object network telework_out
 host 10.10.10.23

Define a static 1:1 NAT for 192.168.35.11 <-> 10.10.10.23

Code:
object network telework_in
 nat (phonesys,outside) static telework_out

ASA 8.4+ is very object oriented. This is saying basically:

Code:
object network 192.168.35.11
 nat (phonesys,outside) static 10.10.10.23

I'm pretty sure that a PAT statement would be something like:

Code:
object network 192.168.35.11
 nat (phonesys,outside) dynamic 10.10.10.23

Offline Tech Electronics

Re: Teleworker 1:1NAT through Cisco ASA5505
« Reply #17 on: January 15, 2014, 11:22:53 AM »
SteAnnesIT,

Hmm, well it could be an inspection condition that is causing the issue. I am going to look at your original problem though.

Is the phone connecting up to the system? Yes
Audio both ways? No
Audio from System to Endpoint? Yes
Audio from Endpoint to System? No

Is Peer Audio turned on for that phone's network group?

System > Devices and Feature Codes > Phones > Ext XXXX > Network Group P?XX

If Peer to Peer Audio is on then you will not get 2-way audio, but I don't see where we asked that question before. I was under the mindset lately that the phone was connecting at all to the system; sorry.

Thanks,

TE

Offline SteAnnesIT

Re: Teleworker 1:1NAT through Cisco ASA5505
« Reply #18 on: January 15, 2014, 12:59:28 PM »
Okay for me it goes...

System > Devices and Feature Codes > Phones > Local (PBX A) > {Teleworker Extension} > IP Settings > Network Group: PP029

So then I go to:

System > Devices and Feature Codes > Network Groups: PP029 | Default Network GRP | EXT PP029 | No (Use Peer-To-Peer Audio).

So I'm assuming, No, Peer-To-Peer Audio isn't on.

Offline Tech Electronics

Re: Teleworker 1:1NAT through Cisco ASA5505
« Reply #19 on: January 15, 2014, 02:06:02 PM »
SteAnnesIT,

Well at this point I would be breaking out Wireshark and getting captures of the whole process up to and including the fail point.

What you would be looking for is the breakdown in the communication path from the Endpoint to the System since the audio is lost going in that direction. This means you need to set up on the Endpoint side and do the capture there to see where the packets are going to. If you see them going to the correct location then the problem is in the ASA dropping the packets most likely through its inspection state.

After you find that you will probably need to contact Cisco to find out how to set up your ASA to allow for the Endpoint to communicate properly.

Thanks,

TE
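
The endpoint-side check described in Reply #19, as an added example that is not part of the thread: it reads a classic pcap taken at the endpoint and reports which addresses the phone's UDP is sent to, compared with the public NAT address from Reply #16. The endpoint address 198.51.100.20, the port numbers and both sample captures are constructed, and the capture is assumed to contain only the phone's traffic.

```python
import socket, struct
from collections import Counter

PUBLIC_IP, PRIVATE_IP = "10.10.10.23", "192.168.35.11"  # telework_out / telework_in
ENDPOINT_IP = "198.51.100.20"  # constructed address for the teleworker phone

def frame(src, dst, sport, dport, payload=b"\x80" * 20):
    """Build one constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def udp_flows(pcap):
    """Count UDP packets per (src_ip, dst_ip) pair in a classic pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[23] == 17:
            flows[socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])] += 1
    return flows

def diagnose(flows, endpoint=ENDPOINT_IP, expected=PUBLIC_IP):
    """Report where the endpoint's UDP is addressed, seen from the endpoint side."""
    dests = sorted(dst for (src, dst) in flows if src == endpoint)
    if not dests:
        return "endpoint sent no UDP"
    wrong = [d for d in dests if d != expected]
    if wrong:
        return "endpoint sending to unexpected address: " + ", ".join(wrong)
    return "endpoint sending to expected address"

# Constructed captures; the UDP port numbers are arbitrary sample values.
REPLY = [frame(PUBLIC_IP, ENDPOINT_IP, 6004, 5004)] * 3
TO_PUBLIC = build_pcap([frame(ENDPOINT_IP, PUBLIC_IP, 5004, 6004)] * 3 + REPLY)
TO_PRIVATE = build_pcap([frame(ENDPOINT_IP, PRIVATE_IP, 5004, 6004)] * 3 + REPLY)

if __name__ == "__main__":
    print(diagnose(udp_flows(TO_PUBLIC)), diagnose(udp_flows(TO_PRIVATE)), sep="\n")
```

Wireshark saves pcapng by default, so export the capture as classic pcap before passing its bytes to `udp_flows`.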


 
