Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
0
Helpful
2
Replies

Cisco FMC Manual Static NAT for DMZ Webserver not working

telesymbol
Level 1
Level 1

‎08-04-2022 11:48 AM

Dear All,
we've a webserver inside DMZ and did manual NAT for outside access, and it works if its configured as below inputs, but if we change (Source Interface object: DMZ and Destination Interface object: Outside) it won't be accessible. Please advise on the issue.
Type: Static
Source Interface object: Any
Destination Interface object: Any
Original Source: Webserver-Inside-IP
Original Destination: Any (0.0.0.0/0)
Translated Source: Webserver-Public-IP
Translated Destination: Any (0.0.0.0/0)
Regards

0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎08-04-2022 11:58 AM - edited ‎08-05-2022 05:33 AM

there are dynamic manual NAT above this NAT, make the traffic from DMZ toward OUT dynamic NAT and hence bypass your NAT.
you can do select 

before auto NAT 

or change the NAT number.

0 Helpful

Marius Gunnerud
VIP
VIP

‎08-05-2022 05:27 AM

are you trying to access the server from the internet or allowing the server access to the internet?

Could you run a packet-tracer and post the result here for review?

packet-tracer input DMZ tcp <real webserver IP> 443 8.8.8.8 443

packet-tracer input Outside tcp 8.8.8.8 443 <real webserver IP> 443

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card