01-18-2021 06:22 AM
Hi everybody,
I have configured a Site-to-Site VPN on the Firepower side and on the Mikrotik side as well. From the Mikrotik router I can see that the connection between the routers is established successfully, but I can't ping from LAN A to LAN B, LAN C. I tried to create a NAT policy and access rules, and nothing helped. Could you please help me with how to correctly create the NAT policy and access rules on the Firepower side only? For the Mikrotik I will try to create the rules on my own. I want to practice in a lab.
Thanks in advance.
01-18-2021 06:29 AM
@a.bulat Provide screenshots of the NAT and ACP rules you created and provide the output of "show nat detail" from the CLI.
01-18-2021 06:39 AM
01-18-2021 06:43 AM
01-18-2021 06:49 AM
To access any branches, do I need only a NAT policy?
01-18-2021 07:51 AM
01-18-2021 07:56 AM
Original Source is LAN-A, Translated Source is LAN-A, Original Destination is LAN-B and Translated Destination is LAN-B. Create another rule for LAN-C.
Then obviously you'll need an ACP rule permitting traffic from LAN-A to LAN-B/LAN-C and another rule permitting traffic from LAN-B/LAN-C to LAN-A.
01-18-2021 06:54 AM
You need NAT exemption policies (as per the example above) on each firewall, you need to permit traffic in the ACP on each firewall as you would do normally.
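The replies above describe two separate requirements: an identity (exemption) NAT rule per remote LAN, and ACP rules in both directions. The following sketch is an added example, not code from the thread or from Cisco; it models both checks to show why traffic leaves unencrypted when the exemption is missing. The subnets, the outside address, the internet PAT rule and all function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed lab values (assumptions, not taken from the thread).
LAN_A = ip.ip_network("192.168.10.0/24")
LAN_B = ip.ip_network("192.168.20.0/24")
LAN_C = ip.ip_network("192.168.30.0/24")
ANY = ip.ip_network("0.0.0.0/0")
OUTSIDE_IP = "203.0.113.1"  # hypothetical outside interface address

# NAT rules, first match wins: (original source, original destination,
# translated source). None means identity NAT: the source is left unchanged.
NAT_RULES = [
    (LAN_A, LAN_B, None),       # exemption: LAN-A -> LAN-B
    (LAN_A, LAN_C, None),       # exemption: LAN-A -> LAN-C
    (LAN_A, ANY, OUTSIDE_IP),   # assumed ordinary internet PAT rule
]
# ACP permits, one pair per direction as described in the thread.
ACP_RULES = [(LAN_A, LAN_B), (LAN_A, LAN_C), (LAN_B, LAN_A), (LAN_C, LAN_A)]
# Networks protected by the tunnel: (local, remote).
VPN_SELECTORS = [(LAN_A, LAN_B), (LAN_A, LAN_C)]

def matches(src, dst, src_net, dst_net):
    return ip.ip_address(src) in src_net and ip.ip_address(dst) in dst_net

def translate(src, dst, nat_rules):
    """Return the source address after NAT (first matching rule wins)."""
    for o_src, o_dst, new_src in nat_rules:
        if matches(src, dst, o_src, o_dst):
            return new_src or src
    return src

def permitted(src, dst, acp_rules):
    """True if any ACP rule permits this source/destination pair."""
    return any(matches(src, dst, s, d) for s, d in acp_rules)

def outbound(src, dst, nat_rules=NAT_RULES, acp_rules=ACP_RULES):
    """Model one packet leaving the firewall toward a remote LAN."""
    if not permitted(src, dst, acp_rules):
        return "dropped by ACP"
    post_nat = translate(src, dst, nat_rules)
    # Only traffic whose post-NAT addresses match the selectors is encrypted.
    if any(matches(post_nat, dst, l, r) for l, r in VPN_SELECTORS):
        return "sent through tunnel"
    return f"sent in clear as {post_nat}"

if __name__ == "__main__":
    print(outbound("192.168.10.5", "192.168.20.7"))                 # with exemption
    print(outbound("192.168.10.5", "192.168.20.7", NAT_RULES[2:]))  # exemption missing
```

Passing `NAT_RULES[2:]` removes both exemption rules, so the packet matches the PAT rule and its translated source no longer falls inside the tunnel's protected networks.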
01-18-2021 07:22 AM
Could you please share screenshots from the FTD side, not from FMC, because it is not clear to me how to configure the NAT policy.