Configure firepower to reroute Int traffic from Ext IP to Int IP?

tcimcy
Level 1

Hello, I have a security system that both Internal and External users can log into.  It also has a redirect inside that will point to the Public IP address of the camera servers.  The directions instruct that I need to re-route the internal users back to the local IP of the camera servers by using NAT.  I have a Firepower firewall and have not figured out how to get the cameras working from inside the firewall.

Thanks for any assistance you can offer.


marce1000
VIP

 

 - To redirect internal users back to the local IP of the camera servers using Network Address Translation (NAT) on your Cisco Firepower firewall, you can follow these general steps:

Determine the local IP addresses of your camera servers: Identify the private/local IP addresses assigned to your camera servers within your internal network.

Create a NAT rule on your Cisco Firepower firewall: Configure a NAT rule that will translate the destination IP address of the incoming traffic from internal users to the local IP address of the camera servers. This way, the firewall will redirect the traffic to the appropriate internal IP address.

Define the NAT rule criteria: Specify the criteria for the NAT rule, such as the source and destination zones, source and destination IP addresses, and protocol/port numbers.

Configure the NAT action: Define the NAT action to perform the translation. In this case, you'll want to perform destination NAT (DNAT) to change the destination IP address of the traffic from the public IP to the local IP of the camera servers.

Apply the NAT rule: Apply the NAT rule to the appropriate firewall policy or access control rule that controls the traffic flow for the internal users accessing the camera servers.

The exact steps to configure NAT on a Cisco Firepower firewall may vary depending on the specific model and software version you're using. I'll provide a general example command that demonstrates the configuration:

firewall(config)# access-list CAMERAS_ACL extended permit ip any host <public_IP>
firewall(config)# nat (inside,outside) source static any any destination static CAMERAS_ACL <local_IP>

In the above example, <public_IP> should be replaced with the public IP address of the camera servers, and <local_IP> should be replaced with the corresponding local IP address.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
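
An added example, not part of the reply above and not taken from Cisco documentation: in ASA-style syntax, a manual (twice) NAT rule takes network objects for the real and mapped destination, so the translation described in the steps can be written as below. All addresses, the object names and the `dmz` interface name are constructed placeholders; on an FMC- or FDM-managed Firepower device the same rule is built as a manual NAT rule in the GUI rather than typed at the CLI.

```cisco
! Constructed placeholder values (replace with your own):
!   203.0.113.10   = public IP the security system redirects to
!   192.168.1.50   = local IP of the camera server
!   192.168.1.0/24 = internal user subnet
object network CAM-PUBLIC
 host 203.0.113.10
object network CAM-LOCAL
 host 192.168.1.50
object network INSIDE-USERS
 subnet 192.168.1.0 255.255.255.0
!
! Case A: users and camera server are behind the same interface (hairpin).
! Allow traffic to enter and leave the same interface.
same-security-traffic permit intra-interface
! Destination is translated public -> local. The source is translated to the
! firewall's inside address so the server replies through the firewall
! instead of answering the client directly on the shared subnet, which
! would break the connection state.
nat (inside,inside) source dynamic INSIDE-USERS interface destination static CAM-PUBLIC CAM-LOCAL
!
! Case B: camera server is behind a different interface (hypothetical "dmz").
! Only the destination needs translating, so the source stays as-is.
! nat (inside,dmz) source static any any destination static CAM-PUBLIC CAM-LOCAL
!
! Verification from privileged EXEC mode. 192.168.1.20, source port 50000
! and destination port 443 are constructed test values.
show nat detail
packet-tracer input inside tcp 192.168.1.20 50000 203.0.113.10 443 detailed
```

With Case A the camera server sees every internal session as coming from the firewall's inside address, so per-user attribution has to come from the firewall's connection logs. Access rules for this flow match the server's real (local) address, not the public one.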