topic Re: Escalation for FDM on FTD in Network Security

Escalation for FDM on FTD

cm — Thu, 03 Mar 2022 13:33:57 GMT

Hi Cisco

I would like escalate to Cisco Technician. After few days of try to get things working with FDM to get Identity NAT Working. I have the a problem as my there seem to be handover problem on one of the legs for FTD. I have enclosed the configuration and ping results

Re: Escalation for FDM on FTD

Marvin Rhoads — Thu, 03 Mar 2022 14:19:42 GMT

This is the (free) Cisco community, not the (paid) Cisco TAC. Members here help out of goodwill.

Your NAT rules should use (inside,outside). Also, when you run packet-tracer, make the input inside and use the real IP address of the server you want to test. (not the public NAT address). Finally, your incoming access-list entries allow ip any incoming to your servers. This is generally a very bad idea as it essentially exposes the server to the Internet on all ports.

Re: Escalation for FDM on FTD

Karsten Iwen — Thu, 03 Mar 2022 14:35:48 GMT

Adding to Marvins answer: Your Firepower uses completely outdated software. You really should update to a recent version. But this is not related to your problem.

Re: Escalation for FDM on FTD

balaji.bandi — Thu, 03 Mar 2022 15:04:17 GMT

contact same TAC case it was before and re-open to help you with cisco technician.

Re: Escalation for FDM on FTD

cm — Thu, 03 Mar 2022 17:04:15 GMT

@Marvin Rhoads the idea is for impliment NAT 0 or identity NAT. where there is no NAT at all for the public address... But I m not getting that all .

Re: Escalation for FDM on FTD

Marvin Rhoads — Fri, 04 Mar 2022 15:14:38 GMT

Can you explain in more detail what you are trying to do? NAT 0 is typically used when the host(s) need to traverse a VPN and not be NATted (NAT exemption).

Re: Escalation for FDM on FTD

cm — Fri, 04 Mar 2022 16:23:59 GMT

@Marvin Rhoads I want to protect my mail and other servers with public addresses , But I don't want to change the IP Address on the servers. So I m using FDM to deploy not FMC.

Re: Escalation for FDM on FTD

Marvin Rhoads — Sun, 06 Mar 2022 03:58:48 GMT

So you want something like this example?

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/nat-reference.html#ID-2091-00000009

That's on ASA but the concept is the same. You might also take a look at this free Labminutes video for a demonstration on how to setup static NAT using FDM:

http://www.labminutes.com/sec0232_ftd_61_firepower_device_manager_configuration_1

Re: Escalation for FDM on FTD

cm — Wed, 09 Mar 2022 15:40:45 GMT

Thanks i got it

Thanks I got it ... I I think interpreted wrong.