11-15-2024 09:15 PM
Hello guys,
I have spent days reading all types of articles and information, but I am unable to set up my network. I would appreciate it so much if someone could help. I am trying to set up a web server for web hosting, an email server and an application server, but I have one static IP 168.63.129.16/31, gateway 168.63.129.15 (example).
How can I set this up in the Firepower and the default outside IP?
Thank you in advance!
11-16-2024 12:08 AM
@nomorenoless create an object to represent the IP address of the internal server. Create a manual NAT rule (as below), reference the object as the source address, select the destination interface (use your outside interface public IP address), just change the port to meet your needs.
Example - https://integratingit.wordpress.com/2020/02/08/ftd-configuration-using-fdm/
12-05-2024 05:57 AM - edited 12-05-2024 06:00 AM
Thank you for it, @Rob Ingram. I did it and it works great; now I just have one issue. I have a small development and self-hosted web server, email server and LDAP, all running through the same one IP address. I know, I know, but I am low budget now. Anyhow... therefore my structure will be something like:
Ethernet 1/12 WAN 168.63.129.16
Ethernet 2/12 Management 192.168.168.168
Ethernet 3/12 Intranet 10.66.66.0/24
Ethernet 4/12 web, email server 10.30.30.31
Ethernet 5/12 LDAP server 10.20.20.21
My web and email server is broadcasting as it is publicly accessible, same as the LDAP, but I cannot access any of them from the "Intranet"; therefore no subnet is connecting with the other.
I tried adding access control rules but it is not working. Any idea, please?
12-05-2024 06:04 AM
@nomorenoless you may need a NAT exemption rule to ensure traffic from intranet to web/email server is not unintentionally translated.
I don't have an FDM example, but here is an ASA NAT exemption rule example (it's the same logic on FDM) https://integratingit.wordpress.com/2022/01/16/asa-nat-exemption/
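The two rules discussed in this thread (port forwarding on the single outside IP, and a NAT exemption between internal subnets), written in ASA CLI syntax with the addresses posted above, as an added example that is not part of the original replies. The interface names (`outside`, `intranet`, `dmz`), the object and ACL names, and the choice of TCP 443 and 25 are assumptions; FDM expresses the same logic as manual NAT rules plus Access Control rules.

```cisco
! Added example, ASA CLI syntax. Interface, object and ACL names are assumptions.
! Addresses are the ones posted in this thread.
object network OBJ-INTRANET
 subnet 10.66.66.0 255.255.255.0
object network OBJ-WEBMAIL
 host 10.30.30.31
!
! Service objects describe the server's listening port (a source port when
! seen from the real server towards the outside). Ports are assumptions.
object service SVC-HTTPS
 service tcp source eq 443
object service SVC-SMTP
 service tcp source eq 25
!
! 1) NAT exemption (identity NAT): intranet clients reach the server on its
!    real address, untranslated. Manual NAT is first-match, so keep this
!    rule above any broader dynamic PAT rule for the intranet subnet.
nat (intranet,dmz) source static OBJ-INTRANET OBJ-INTRANET destination static OBJ-WEBMAIL OBJ-WEBMAIL no-proxy-arp route-lookup
!
! 2) Static PAT: publish only the required ports on the outside interface
!    address. One rule per service; nothing else on the server is exposed.
nat (dmz,outside) source static OBJ-WEBMAIL interface service SVC-HTTPS SVC-HTTPS
nat (dmz,outside) source static OBJ-WEBMAIL interface service SVC-SMTP SVC-SMTP
!
! 3) Inbound access rule: ASA 8.3 and later match on the real (post-NAT)
!    address, so the ACL names the server object, not the public IP.
access-list OUTSIDE-IN extended permit tcp any object OBJ-WEBMAIL eq 443
access-list OUTSIDE-IN extended permit tcp any object OBJ-WEBMAIL eq 25
access-group OUTSIDE-IN in interface outside
```

On FTD, traffic between interfaces is dropped unless an Access Control rule allows it, so the intranet-to-server flow also needs its own allow rule scoped to the server address and the ports in use.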
12-05-2024 06:06 AM
Thank you, let me read more in depth and translate to FDM