DNAT Config on FMC

HAT
Level 1

Hi All,

I'm trying to set up Destination NAT so that an outside source can send some logs to an inside log collector server via UDP. The translation device in this case is an FMC-managed FTD. Please find below the expected flow of the traffic:

Source IP address - Public (1.1.1.1) >>>> FTD device Outside - Public (2.2.2.2) >>>> FTD device Inside GW - Private (10.1.1.1) >>>> Destination Server (10.1.1.2)

I have applied the following configuration on FMC, but it does not seem to work.

1. DNAT Rule

NAT Rule: Manual (NAT Rule Before)

Interface Objects:

Source Interface: FTD device Outside Public (2.2.2.2)
Destination Interface: FTD device Inside GW Private (10.1.1.1)

Translation:

- Original Packet

Original Source: 1.1.1.1
Original Destination: 2.2.2.2

- Translated Packet

Translated Source: 2.2.2.2
Translated Destination: 10.1.1.2

2. Access Control Rule

Source Zone : Outside
Destination Zone : Inside
Source IP : 1.1.1.1
Destination IP : 10.1.1.2

Not sure where I'm going wrong here; any assistance will be appreciated.

Thanks
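A CLI check for the flow described in the post above, added here as an illustration and not part of the original question: run from the FTD CLI (SSH, or the troubleshooting CLI in FMC) to see whether the UDP packet actually matches the NAT rule and the access rule. The interface names outside/inside, the log collector port 514 and the source port 40000 are assumptions; adjust them to the real nameif values and the port the collector listens on.

```text
! 1. Simulate the inbound packet exactly as the sender would build it:
!    from 1.1.1.1 to the FTD outside address 2.2.2.2 on the collector's UDP port.
!    Read the output phase by phase: the NAT phase must show the destination
!    being rewritten to 10.1.1.2, the ACCESS-LIST phase must show the access
!    rule with source 1.1.1.1 / destination 10.1.1.2 (real IP, not 2.2.2.2),
!    and the final "Result" must be ALLOW with an output interface of inside.
packet-tracer input outside udp 1.1.1.1 40000 2.2.2.2 514 detailed

! 2. Confirm the deployed NAT line and whether it is being hit at all.
!    A rule with zero translate_hits / untranslate_hits after a test send
!    means the packet never matched it (wrong interface pair, object or order).
show nat detail

! 3. Confirm a translation and a connection are actually built for the test traffic.
show xlate
show conn address 10.1.1.2

! 4. Capture on both sides to prove the packet arrives on outside and leaves on
!    inside with the translated destination. Remove the captures when done.
capture CAP_OUT interface outside match udp host 1.1.1.1 host 2.2.2.2
capture CAP_IN  interface inside  match udp host 1.1.1.1 host 10.1.1.2
capture ASP type asp-drop all
show capture CAP_OUT
show capture CAP_IN
show capture ASP | include 1.1.1.1
no capture CAP_OUT
no capture CAP_IN
no capture ASP
```

If CAP_OUT shows the packet but CAP_IN does not, the ASP drop capture and the packet-tracer drop reason point at which stage (NAT, access rule, routing) is discarding it.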


2 Replies

I don't think you can do that; the traffic is not allowed to pass from OUT to IN and then to the server connected to IN.

Instead, make the FTD use IN to send the logs to the server.

MHM

HAT
Level 1

Good morning, and thank you for your reply. I'm not sure I follow; this is essentially some kind of port forwarding. Are you saying that this configuration can't achieve that?

I can see some hits on the access control policy, though.
