Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
4
Replies

NAT Configuration

am_rajan
Level 1
Level 1

‎01-24-2024 06:38 AM

Hi

I am new to this topics and will be great if any one can help.

FTD 1120 in HA.

Server1.xxx.ws --> public IP 55.55.55.55 ---NAT----> 172.x.x.100:8080
Server2.xxx.ws --> public IP 55.55.55.55 ---NAT----> 172.x.x.150:3636

As you can see my task is to access 2 different internal servers (Private ips(172.x.x.x)) using same public IP (55.55.55.55) which has different DNS names(sub domains).

Pls do help.

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎01-24-2024 07:45 AM

sorry what is issue? 
you want to know how you can config this NAT ? 
if yes how you manage the FTD via FDM or FMC ?
MHM

0 Helpful

am_rajan
Level 1
Level 1
In response to MHM Cisco World

‎01-27-2024 02:28 AM

Hello 

Yes, I would like to know how to configure the NAT and ACCESS rule, and I am using FDM. And please keep in mind that the traffic initiates from outside to inside, and it will be HTTPS traffic. 

The client access the service through the dns which is https://server1.xxx.ws or https://server2.xxx.ws and both are linked to the same public IP which is 55.55.55.55. and then it needs to be nated to 2 different hosts. 

My confusion is both incoming traffic is https so how can we differentiate this so that we can nat this to appropriate internal hosts 

Hope you understand my issue

0 Helpful

MHM Cisco World
VIP
VIP
In response to am_rajan

‎01-27-2024 02:41 AM - edited ‎01-27-2024 02:41 AM

Now it clear 

In your original I dont see you mention both mapped IP use http port 

If that case 

Sorry I dont see anyway make FTD know the traffic incoming for any server.

If you use two ports (not both use http) that can solve issue.

Or order new public IP and use it for one server.

Sorry again 

Have a nice day 

MHM

0 Helpful

Georg Pauwen
VIP
VIP

‎01-24-2024 08:23 AM

Hello,

the below should work:

object network InternalServer1
host 172.x.x.100

object network InternalServer2
host 172.x.x.150

object network InternalServer1
nat (inside,outside) static 55.55.55.55 service tcp 8080

object network InternalServer2
nat (inside,outside) static 55.55.55.55 service tcp 3636

0 Helpful
Customers Also Viewed These Support Documents