I was wondering if somebody can help me out and tell me if i am thinking the right way.
I have a old Cisco ASA 5505 and will need to be replaced with Meraki MX67C-WW.
On the site i have one PBX server on prem with IP: 192.168.XX.21 and 25 VoIP phones.
In my Cisco ASA on the WAN side i have an IP: 82.33.XX.201
When the PBX server on prem is communicating with the VoIP provider it is coming out via 82.33.XX.204 (on of the public IP addresses that are available from my ISP).
I have the following object and access list
object network Public_VoIP
object network Net_VoIP_Provider
subnet 89.184.XX.0 255.255.XX.0
object network Srv_VoIP_PBX
And the following access-list
access-list Outside_FO_access_in extended permit object-group DM_INLINE_SERVICE_2 any object Srv_VoIP_PBX
his is what is under DM_INLINE_SERVICE_2
access-list Outside_FO_access_in extended permit udp any object Srv_VoIP_PBX range 10000 20000
access-list Vlan_Users_access_in_1 extended permit object-group DM_INLINE_SERVICE_4 object Srv_VoIP_PBX object Net_VoIP_Provider
This is what is under DM_INLINE_SERVICE_4
Now NAT in Cisco Meraki is a bit different than in Cisco ASA (as far as i can see).
On my Cisco Meraki i have done the following settings in 1:1 NAT
Will the current settings that i have on the 1:1 NAT in the new Cisco Meraki work with for the PBX and the VoIP system?
Many thanks in advanced.
Could you tell us what your port list is on the ASA?
Specifically what's under the hood on object-group DM_INLINE_SERVICE_2 and object-group DM_INLINE_SERVICE_4.
The 1:1 NAT is the correct thing to use but there is not enough information to comment on the port list.
If you know the IP address(s) used by the VoIP provider they could you could just allow all ports from their IP addresses.
For the DM_INLINE_SERVICE_2
For the DM_INLINE_SERVICE_4.
I also updated the post :).
Thanks in advance.
From the old Cisco ASA firewall i am able to see that the VoIP provider subnet is 89.184.XX.0 255.255.XX.0.
So i believe that in the 1:1 NAT in the Remote IPs i will need to replace any with 89.184.XX.0 255.255.XX.0 ?