Résolu : Re: Quelle adresse ip je devrait utiliser pour ma connexion externe

Christian_Dextraze · ‎04-11-2021

Nous avons un bloc d'adresses IP de notre fournisseur internet de 8 ip /29

Présentement, j'ai configurer dans notre nouveau Cisco Firepower 1140, une de nos adresses pour nos machines, mais est-ce que je devrais utiliser l'adresse Réseau, la première de notre bloc pour qu'il reçois bien toutes les autres. Ou bien c'est correct que je l'aille configuré comme ça? Car j'essaie de configuré un "NAT rules" et ça semble jamais se résoudre et c'est impossible d'avoir une réponse de notre serveur de l'externe.

merci,

Christian Dextraze

Rob Ingram · ‎05-11-2021

Hi @Christian_Dextraze

No you wouldn't use the network address.

If your address block is 127.123.123.0/29 then you would just create static NAT entries for each of the servers you wish to be accessible externally. Mapping the private IP address to the public ip address.

Example below, you possibly need to change the names of the interfaces.

object network SVR1
 host 10.1.1.26
 nat (inside,outside) static 123.123.123.2
!
object network SVR2
 host 10.1.1.27
 nat (inside,outside) static 123.123.123.3

For outbound nat translatations you can nat behind the outside interface. Example:-

nat (INSIDE,OUTSIDE) after-auto source dynamic interface

Voir la solution dans l'envoi d'origine

Rob Ingram · ‎05-11-2021

Hi @Christian_Dextraze

No you wouldn't use the network address.

If your address block is 127.123.123.0/29 then you would just create static NAT entries for each of the servers you wish to be accessible externally. Mapping the private IP address to the public ip address.

Example below, you possibly need to change the names of the interfaces.

object network SVR1
 host 10.1.1.26
 nat (inside,outside) static 123.123.123.2
!
object network SVR2
 host 10.1.1.27
 nat (inside,outside) static 123.123.123.3

For outbound nat translatations you can nat behind the outside interface. Example:-

nat (INSIDE,OUTSIDE) after-auto source dynamic interface

Christian_Dextraze · ‎05-11-2021

Hi @Rob Ingram,

Just to be sure, so my port 1/1 is my outside connection is configured as an outside ip and my 1/2 is an inside ip, that I use on our computer as a gateway and it does work to get access on internet from any computer inside.

I did also give a printscreen of my NAT rule, S015 is a host with my inside IP of the server and S015-outside is one of the ip that our provider gave us and is managed by Dyndns to point to that ip. When I try to ping, I see it give the right IP, but do not work. The only difference that I see is that my rule is (outside,inside) should I reverse that, I thought that an NAT rule was doing both way.

I also see that is a static rule, should I put also an dynamic one and should I add something in my Access Control rule also?

thanks again

Merci @Jimena Saez pour la traduction.

Christian_Dextraze · ‎05-11-2021

@Rob Ingram

that did it, I reversed my Nat rule and now I got a reply!

thanks

Jimena Saez · ‎05-11-2021

Thank you @Rob Ingram !

[Traduction de la réponse]

Salut Christian_Dextraze

Non, vous n'utiliseriez pas l'adresse réseau.

Si votre bloc d'adresse est 127.123.123.0/29, vous devez simplement créer des entrées NAT statiques pour chacun des serveurs que vous souhaitez rendre accessibles de l'extérieur. Mappage de l'adresse IP privée à l'adresse IP publique.

Voir l'exemple ci-dessous, vous devrez éventuellement modifier les noms des interfaces.

object network SVR1
 host 10.1.1.26
 nat (inside,outside) static 123.123.123.2
!
object network SVR2
 host 10.1.1.27
 nat (inside,outside) static 123.123.123.3

Pour les translations nat sortantes, vous pouvez nat derrière l'interface externe. Exemple:-

nat (INSIDE,OUTSIDE) after-auto source dynamic interface

Quelle adresse ip je devrait utiliser pour ma connexion externe

Liens rapides