https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513093#M1085545 <P>Greetings</P><P>I've been playing around with FDM and an FTD 7.0.1 and I'm having trouble understanding how to reach a NATed host from the inside network. It's a pretty basic setup with 192.168.1.0/24 as my inside network and 10.10.10.0/24 as an DMZ with some hosts with public services.</P><P>I've set up a NAT with port translation from DMZ to Outside where the DMZ host port 443 is translated to Outside 8443. FDM won't let med select the advanced DNS option but the NAT rule and corresponding ACL is working for traffic coming in from the Internet but I don't understand how to get this to work from the inside 192.168.1.0/24 network using the same DNS entry as on the Internet which resolves to my Outside IP.</P><P>&nbsp;</P><P>Any suggestions?</P><P>Regards</P><P>Fredrik</P> Sat, 04 Dec 2021 10:14:05 GMT hoffa2000 2021-12-04T10:14:05Z https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513093#M1085545 <P>Greetings</P><P>I've been playing around with FDM and an FTD 7.0.1 and I'm having trouble understanding how to reach a NATed host from the inside network. It's a pretty basic setup with 192.168.1.0/24 as my inside network and 10.10.10.0/24 as an DMZ with some hosts with public services.</P><P>I've set up a NAT with port translation from DMZ to Outside where the DMZ host port 443 is translated to Outside 8443. FDM won't let med select the advanced DNS option but the NAT rule and corresponding ACL is working for traffic coming in from the Internet but I don't understand how to get this to work from the inside 192.168.1.0/24 network using the same DNS entry as on the Internet which resolves to my Outside IP.</P><P>&nbsp;</P><P>Any suggestions?</P><P>Regards</P><P>Fredrik</P> Sat, 04 Dec 2021 10:14:05 GMT https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513093#M1085545 hoffa2000 2021-12-04T10:14:05Z https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513103#M1085546 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/293453">@hoffa2000</a> NAT reflection might work, an example <A href="https://integratingit.wordpress.com/2021/07/11/ftd-nat-reflection/" target="_self">here</A>.</P> Sat, 04 Dec 2021 11:12:37 GMT https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513103#M1085546 Rob Ingram 2021-12-04T11:12:37Z https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513177#M1085552 <P><A href="https://www.petenetlive.com/KB/Article/0001113" target="_blank">https://www.petenetlive.com/KB/Article/0001113</A></P><P>DNS doctoring&nbsp;</P> Sat, 04 Dec 2021 19:17:19 GMT https://community.cisco.com/t5/network-security/reach-static-nat-mappings-from-inside/m-p/4513177#M1085552 MHM Cisco World 2021-12-04T19:17:19Z