Configuring Site-to-Site Firepower to Mikrotik

a.bulat
Level 1

Hi everybody,

I have configured Site-to-Site VPN from the Firepower side and from the Mikrotik side as well. From the Mikrotik router I can see that the connection between the routers is established successfully, but I can't ping from LAN A to LAN B or LAN C. I tried to create a NAT policy and access rules and nothing helped. Could you please help me with how to correctly create the NAT policy and access rules on the Firepower side only; for Mikrotik I will try to create the rules alone. I want to practice in a lab.

Thanks in advance.

8 Replies

@a.bulat Provide screenshots of the NAT and ACP rules you created and provide the output of "show nat detail" from the CLI.

I can't share the NAT and ACP rules, but can you send screenshots of how NAT and ACP need to be configured from the Firepower side, with the information below, in .JPG?

Thanks in advance.

082620_1316_ftdsitetosi12.png

To access any branches, is only a NAT policy needed?

How do I indicate here, in the photo below, from LAN A to LAN B?

Original Source is LAN-A, Translated Source is LAN-A, Original Destination is LAN-B and Translated Destination is LAN-B. Create another rule for LAN-C.

Then obviously you'll need an ACP rule permitting traffic from LAN-A to LAN-B/LAN-C and another rule permitting traffic from LAN-B/LAN-C to LAN-A.

You need NAT exemption policies (as per the example above) on each firewall, and you need to permit traffic in the ACP on each firewall as you would normally.
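Why the exemption rules described above matter, as an added example that is not part of any reply in this thread: a small Python model of first-match NAT followed by the check against the tunnel's protected networks. The subnets, the outside address and the dynamic PAT rule for internet traffic are assumptions made for illustration.

```python
# Added illustration: toy model of first-match NAT followed by the VPN
# protected-network check. All subnets and addresses are constructed.
from ipaddress import ip_address, ip_network

LAN_A = ip_network("192.168.10.0/24")   # local LAN (assumed)
LAN_B = ip_network("192.168.20.0/24")   # remote LAN (assumed)
LAN_C = ip_network("192.168.30.0/24")   # remote LAN (assumed)
OUTSIDE_IP = ip_address("203.0.113.1")  # outside interface (assumed)
ANY = ip_network("0.0.0.0/0")

# Rule: (name, original source, original destination, translated source).
# None = identity NAT: translated source equals the original source.
EXEMPT_B = ("exempt A->B", LAN_A, LAN_B, None)
EXEMPT_C = ("exempt A->C", LAN_A, LAN_C, None)
DYNAMIC_PAT = ("internet PAT", LAN_A, ANY, OUTSIDE_IP)  # assumed to exist

# Protected networks of the tunnel as (local, remote) pairs.
PROTECTED = [(LAN_A, LAN_B), (LAN_A, LAN_C)]

def translate(rules, src, dst):
    """Return (rule name, post-NAT source) for the first matching rule."""
    for name, osrc, odst, tsrc in rules:
        if src in osrc and dst in odst:
            return name, (src if tsrc is None else tsrc)
    return "no NAT", src

def is_tunneled(rules, src, dst):
    """True when the post-NAT packet matches a protected network pair."""
    src, dst = ip_address(src), ip_address(dst)
    _, post_src = translate(rules, src, dst)
    return any(post_src in loc and dst in rem for loc, rem in PROTECTED)

def report(rules, src, dst):
    """One-line summary of NAT result and tunnel decision for a packet."""
    name, post = translate(rules, ip_address(src), ip_address(dst))
    verdict = "tunnel" if is_tunneled(rules, src, dst) else "not tunneled"
    return f"{src} -> {dst}: {name}, source after NAT {post}, {verdict}"

if __name__ == "__main__":
    with_exempt = [EXEMPT_B, EXEMPT_C, DYNAMIC_PAT]
    for rules in (with_exempt, [DYNAMIC_PAT]):
        for dst in ("192.168.20.5", "192.168.30.5", "198.51.100.9"):
            print(report(rules, "192.168.10.5", dst))
```

In this model the exemption rules only help when they are evaluated before the broader PAT rule; placing them after it gives the same result as not having them.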

Could you please share screenshots from the FTD side, not from FMC, because it is not clear to me how to configure the NAT policy.
