10-31-2024 04:24 AM
Hi,
I am struggling to get my head around how to get an additional public IP range working through a Cisco 1140 FTD.
I had asked previously and was told there aren't alias interfaces or suchlike on the FTD like there is on Sophos, and was told to just use static NAT.
I've watched a ton of videos and looked online and I keep finding different suggestions. (I can't get any to work anyway.)
Below is a bad diagram of what my setup looks like (I've used made-up public IPs just for an example).
What I want to do is:
1) traffic from the internet to the web server for HTTP, HTTPS, UDP 59221, TCP 59221 using the public IP 205.20.111.36
2) RDP to the RDP server using the public IP 205.20.111.33 but port 45456
3) have the public IP of 205.20.111.38 work on the internal router.
For 2) I have tried just doing a normal static NAT with and without the RDP port in the destination port fields (I've also got it disabled at the moment, but when testing I have enabled the status).
For info, internet out is working fine and I can remote onto the firewall fine too, so those basics are all OK. Oh, I also forgot on my diagram I have an inside interface on subnet 192.168.1.x and also another interface on 192.168.3.x.
If anyone could help it would be gratefully received.
11-04-2024 08:34 AM
Yeah, I just have left RDP at 3389 for the moment for testing but will change that once it all works.
Yeah, I had the source IP on packet tracer as the one that's the allowed IP on the ACL. I'll remove that from the ACL and test again.
11-04-2024 08:51 AM
Well, this is odd. It's failing the deployment when I try and remove the support IP from the RDP rule. So I have gone on the CLI and the RDP rule is not there. But it's showing on the FTD GUI.
access-group NGFW_ONBOX_ACL global
access-list NGFW_ONBOX_ACL remark rule-id 268435460: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435460: L5 RULE: DNAT_Sig
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc outside any ifc inside object SigServer_INT rule-id 268435460 event-log flow-end
access-list NGFW_ONBOX_ACL remark rule-id 268435457: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435457: L7 RULE: Inside_Outside_Rule
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435457 ifc inside any ifc outside any rule-id 268435457 event-log both
access-list NGFW_ONBOX_ACL remark rule-id 268435464: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435464: L5 RULE: WAN_internalPubrange
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435464 ifc outside object any-ipv4 object Internal_Pub_IP_range rule-id 268435464 event-log flow-end
access-list NGFW_ONBOX_ACL remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435458: L7 RULE: Prod_WAN
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435458 ifc prod any ifc outside any rule-id 268435458
access-list NGFW_ONBOX_ACL remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL advanced deny ip any any rule-id 1
access-list NGFW_ONBOX_ACL remark rule-id 268435462: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435462: L5 RULE: LAN_Prod
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435462 ifc inside any ifc prod any rule-id 268435462
access-list NGFW_ONBOX_ACL remark rule-id 268435463: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435463: L5 RULE: Prod_LAN
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435463 ifc prod any ifc inside any rule-id 268435463
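A small check for the drift seen above (a rule present in the FDM GUI but absent from the deployed ACL), added here as an example and not part of the thread: it parses the `access-list ... remark ... RULE:` and `advanced permit/deny ... rule-id` lines from `show running-config access-list` output and reports which GUI rule names have no deployed ACE. The sample text is a constructed excerpt of the output quoted above, and the rule name `DNAT_RDP` is assumed from the discussion.

```python
import re
from typing import Dict, List

# Constructed sample: excerpt of the FTD "show running-config access-list" output
# from the thread. DNAT_RDP (the "ghost" rule visible in the GUI) is not present.
SAMPLE_ACL = """\
access-group NGFW_ONBOX_ACL global
access-list NGFW_ONBOX_ACL remark rule-id 268435460: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 268435460: L5 RULE: DNAT_Sig
access-list NGFW_ONBOX_ACL advanced permit object-group |acSvcg-268435460 ifc outside any ifc inside object SigServer_INT rule-id 268435460 event-log flow-end
access-list NGFW_ONBOX_ACL remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL advanced deny ip any any rule-id 1
"""

# The remark carrying the GUI rule name, e.g. "remark rule-id 268435460: L5 RULE: DNAT_Sig"
RULE_NAME_RE = re.compile(r"remark rule-id (\d+): L\d RULE: (\S+)")
# The access control entry (ACE) actually enforced, tagged with the same rule-id
ACE_RE = re.compile(r"access-list \S+ advanced (permit|deny) .* rule-id (\d+)")


def deployed_rules(acl_text: str) -> Dict[str, dict]:
    """Map each rule name found in the deployed ACL to its rule-id and ACE action."""
    names: Dict[str, str] = {}    # rule-id -> rule name (from remark lines)
    actions: Dict[str, str] = {}  # rule-id -> permit/deny (from ACE lines)
    for line in acl_text.splitlines():
        m = RULE_NAME_RE.search(line)
        if m:
            names[m.group(1)] = m.group(2)
            continue
        m = ACE_RE.search(line)
        if m:
            actions[m.group(2)] = m.group(1)
    return {name: {"rule_id": rid, "action": actions.get(rid)}
            for rid, name in names.items()}


def missing_from_device(expected_rule_names: List[str], acl_text: str) -> List[str]:
    """Return GUI rule names that have no enforced ACE in the deployed ACL.

    A name in this list is a candidate ghost rule: the policy shows it, but the
    device is not enforcing it, so traffic falls through to later rules.
    """
    present = deployed_rules(acl_text)
    return [n for n in expected_rule_names
            if n not in present or present[n]["action"] is None]


if __name__ == "__main__":
    # Assumed list of rule names as shown in the FDM access policy
    gui_rules = ["DNAT_Sig", "DNAT_RDP", "DefaultActionRule"]
    print("not deployed:", missing_from_device(gui_rules, SAMPLE_ACL))
```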
11-04-2024 09:16 AM
Could be a software bug and this could be why it was showing no match on any rule but the default one when you ran packet tracer. Could you please try to add a replica of the DNAT_RDP rule, deploy and test again?
11-04-2024 09:27 AM
That's got it. Shame I can't get rid of that ghost bugged rule, but it's working now, that's the main thing.
Thanks
11-05-2024 01:13 AM - edited 11-05-2024 01:13 AM
I'm so glad that the issue is now fixed. Out of interest, what software version is running on the firewall? Currently the golden recommended release for Firepower 1140 is 7.4.2; if you are not on that version I would recommend trying to upgrade the device, hopefully that will eliminate the ghost rule.
11-05-2024 01:41 AM
It's on 7.2.5-208. I had a look when it was first installed and it said no software updates on the system, but now you have said that, am I to assume it doesn't auto check for updates like a Sophos does?
Since it's on 7.2, will I have to do step upgrades or can I just go straight for 7.4.2?
11-05-2024 02:28 AM
I don't think FDM does the auto check; however, the latest releases of the FMC do, you basically get a pop-up message suggesting to upgrade to the latest recommended release.
Yes you can go direct from your current release to version 7.4.2. Once that is done then you should apply the available patch.
11-04-2024 09:23 AM - edited 11-04-2024 09:28 AM
No need for this any more.
MHM