This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

More than one ASL5.1 behind one ISP-Router

Good evening,

since a few days, i have 2 ASL5.1 behind my ISP-Router.
My Topology is:

Astaro1 behind the Router:
WAN(Address) = 62.2.xx.218/30 (GW .217 (Router!))
Internal(Address) = 192.168.100.0/24
DMZ(Address) = 62.3.xx.33/28

Astaro2 in DMZ(Network), too:
DMZ(Address) = 62.3.xx.46/28
Internal(Address) = 192.168.200.0/24

Is it a functional configuration?

My problem is, how to build rules from WAN to
Internal(Network) on Astaro2. Behind Astaro2 must install
SIP-Phones and how can i realised it??

Ports are UDP 5004, 5060, 8000:8012 incoming from WAN.

I've tested some scenarios, but can't find a solution.

Astaro1:
any -> SIPGroup -> Internal(Astaro2) | allow

NAT:
??

Astaro2:
any -> SIPGroup -> SIPPhone | allow

How even, thanks for your attention and have a try
to explane me my misunderstood.

regards
ako

This thread was automatically locked due to age.

0 UweK over 21 years ago

Hi Ako,

I'va a similar configuration:

ASTARO1 -- DMZ (10.10.10.0/29)-ASTARO2-Internal (192.168.0.0/24)

In the DMZ I have Mail and WWW-Server. To reach these servers I configured on ASTARO1 DNAT to forward requests on port 80 to the DMS's address for www-server and on port 25 to forward requests to DMS's address for mail-server.

Also, I confirured following packet filter rules on ASTARO1:

allow from any ip any port to DMZ's IP-mail port 25
allow from any ip any port to DMZ's IP-WWW port 80

Transforming these to your config I suppose as follow:

configure for each requestet port a dnat-rule and a packet filter rule to permit and forward the requests. remember to create a network object definition for the sip-phone(s).

because you use DNAT, I think, you only can use at least one sip-phone for incomming calls.

BTW: Why do you have two internel nets - each behind every ASL?

Uwe
Cancel
Vote Up 0 Vote Down

Cancel