FDM Configuration for one static public IP

nomorenoless
Level 1

Hello guys,

I have been reading all types of articles and information for days but I am unable to set up my network. I would appreciate it so much if someone could help. I am trying to set up a web server for web hosting, an email server and an application server, but I have one static IP 168.63.129.16/31, gateway 168.63.129.15 (example).
How can I set this up in the Firepower with the default outside IP?
Thank you in advance!

@nomorenoless create an object to represent the IP address of the internal server. Create a manual NAT rule (as below), reference the object as the source address, select the destination interface (use your outside interface public IP address), just change the port to meet your needs.

[Screenshot: RobIngram_0-1731744267927.png]

Example - https://integratingit.wordpress.com/2020/02/08/ftd-configuration-using-fdm/

nomorenoless
Level 1

Thank you for it, @Rob Ingram. I did it and it works great. Now I just have one issue: I have a small development and self-hosted web server, email server and LDAP, all running through the same one IP address. I know, I know, but I am on a low budget now. Anyhow... therefore my structure will be something like:

Ethernet 1/12 WAN 168.63.129.16
Ethernet 2/12 Management 192.168.168.168
Ethernet 3/12 Intranet 10.66.66.0/24
Ethernet 4/12 web, email server 10.30.30.31
Ethernet 5/12 LDAP server 10.20.20.21

My web and email server is broadcasting, as it is publicly accessible, same as the LDAP, but I cannot access any of them from the "Intranet"; therefore no subnet is connecting with the other.

I tried adding access control rules but it is not working. Any ideas, please?

@nomorenoless you may need a NAT exemption rule to ensure traffic from intranet to web/email server is not unintentionally translated.

I don't have an FDM example, but here is an ASA NAT exemption rule example (it's the same logic on FDM) https://integratingit.wordpress.com/2022/01/16/asa-nat-exemption/
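
The two replies in this thread (port forwarding through the outside interface address, then a NAT exemption for intranet traffic), written out in ASA-style CLI as an added example that is not part of the original posts. The addresses are the ones posted in the thread; the interface names (`outside`, `dmz`, `intranet`), object names and the published ports (443, 25) are assumptions.

```text
! Added example. Interface names, object names and ports are assumptions;
! the addresses are the ones posted in the thread.
object network WEB-MAIL-SERVER
 host 10.30.30.31
object network INTRANET-NET
 subnet 10.66.66.0 255.255.255.0
object service SVC-HTTPS
 service tcp source eq 443
object service SVC-SMTP
 service tcp source eq 25
!
! NAT exemption (identity NAT): traffic between the intranet and the server
! keeps its real addresses in both directions. Entered first so it is
! evaluated before the translating rules below.
nat (intranet,dmz) source static INTRANET-NET INTRANET-NET destination static WEB-MAIL-SERVER WEB-MAIL-SERVER no-proxy-arp route-lookup
!
! Port forwards: the outside interface address is the mapped address,
! with one rule per published service.
nat (dmz,outside) source static WEB-MAIL-SERVER interface service SVC-HTTPS SVC-HTTPS
nat (dmz,outside) source static WEB-MAIL-SERVER interface service SVC-SMTP SVC-SMTP
!
! NAT does not permit traffic by itself. The access control rule for each
! flow references the real address (10.30.30.31) and the same port, so only
! the services forwarded above need to be allowed from outside.
```

On an FDM-managed device the same rules are built in the NAT policy, and the deployed order can be checked from the device CLI with `show nat`.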

Thank you, let me read more in depth and translate to FDM