Friday, 28 February 2014

vsx7000, nat, asa 5510

ASA configuration:
-----------------------------------------------------------------
name 192.168.2.2 vsx7000_int description Polycom VSX7000
name 8.3.12.11     vsx7000_ext description vsx7000.domain.com
object-group service TCP_vsx7000 tcp
  port-object eq h323
  port-object range 3230 3239
 

object-group service UDP_vsx7000 udp
  port-object range 1718 1719
  port-object range 3230 3269

access-list outside_in extended permit tcp any host vsx7000_ext object-group TCP_vsx7000
access-list outside_in extended permit udp any host vsx7000_ext object-group UDP_vsx7000
access-list inside_in extended permit tcp host vsx7000_int any
access-list inside_in extended permit udp host vsx7000_int any

static (inside,outside) vsx7000_ext vsx7000_int netmask 255.255.255.255 norandomseq
-----------------------------------------------------------------


VSX configuration:
-----------------------------------------------------------------
System > Admin Settings > Network > IP > Firewall
Fixed Ports * 
NAT Configuration -> Manual
NAT Outside Address 8.3.12.11
NAT is H.323 Compatible - enabled when working over VPN, otherwise disabled.
-----------------------------------------------------------------