Firepower 2110 - Access rules & NAT

richard.priest, Level 1

Hi all,

I'm trying to get our new FP2110 into production, and even the simplest of tasks seems to be a struggle in FDM (we don't have FMC).

I've set up a test server sitting on a dev environment; it's running librespeed. This server can ping outside, so the PAT rule is working fine on the FP2110.

However, when I set a rule as per below (the destination address is set to the external IP I have assigned as a host address):

Firepower_Rule.png

traffic is blocked by the implicit deny, see the events below:

Firepower_Events.png

If I delete the external NAT address in the rule, so effectively allow any/any in, then traffic is allowed in.

However, I still can't browse to my server via its external address. The NAT rule is below:

Firepower_NAT.png

Dead simple, but it just won't work.

On an ASA I'd have some form of syslog to indicate if a NAT rule was wrong etc., but on this Firepower I'm flying almost blind; it's quite frustrating.

Any help would be much appreciated.

1 Reply

richard.priest, Level 1

I've realised I made an idiot mistake with the ACL: I was selecting the source port rather than the destination.
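The two pitfalls in this thread (writing the access rule against the external/mapped address, and matching the source port instead of the destination port) are easy to reproduce in a small first-match rule simulator. The following is an added example, not the poster's configuration or Cisco code. It models the behaviour that FTD, like ASA 8.3 and later, evaluates access control rules on real (untranslated) IP addresses after undoing destination NAT; the addresses, ports and rule names are constructed (RFC 5737 documentation ranges), and `Flow`, `StaticNat`, `AccessRule` and `evaluate` are hypothetical helpers that exist only here.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One TCP connection as it arrives on the outside interface (4-tuple)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class StaticNat:
    """Static NAT: outside clients reach mapped_ip, which is rewritten to real_ip."""
    real_ip: str
    mapped_ip: str


@dataclass(frozen=True)
class AccessRule:
    """Subset of an access control rule; None means 'any' for that field."""
    name: str
    action: str                      # "allow" or "block"
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    src_port: Optional[int] = None


def untranslate(flow: Flow, nats: List[StaticNat]) -> Flow:
    """Undo destination NAT so that rules are matched on the real (inside) address."""
    for nat in nats:
        if flow.dst_ip == nat.mapped_ip:
            return replace(flow, dst_ip=nat.real_ip)
    return flow


def rule_matches(rule: AccessRule, flow: Flow) -> bool:
    """Every rule field that is not 'any' must equal the flow's value."""
    if rule.dst_ip is not None and rule.dst_ip != flow.dst_ip:
        return False
    if rule.dst_port is not None and rule.dst_port != flow.dst_port:
        return False
    if rule.src_port is not None and rule.src_port != flow.src_port:
        return False
    return True


def evaluate(flow: Flow, nats: List[StaticNat], rules: List[AccessRule]) -> Tuple[str, str]:
    """First-match evaluation on the untranslated flow, implicit deny at the end."""
    real_flow = untranslate(flow, nats)
    for rule in rules:
        if rule_matches(rule, real_flow):
            return rule.action, rule.name
    return "block", "implicit deny"


# Constructed sample topology: the speed-test server is 10.10.10.5 inside,
# published as 203.0.113.10 on the outside interface.
NATS = [StaticNat(real_ip="10.10.10.5", mapped_ip="203.0.113.10")]

# Constructed inbound browser connection: ephemeral source port, destination port 80.
INBOUND_HTTP = Flow(src_ip="198.51.100.7", src_port=51515,
                    dst_ip="203.0.113.10", dst_port=80)

# Three ways of writing "allow HTTP to the server"; only the last one is right.
RULE_MAPPED_DST = AccessRule("allow-mapped", "allow", dst_ip="203.0.113.10", dst_port=80)
RULE_SRC_PORT = AccessRule("allow-srcport", "allow", dst_ip="10.10.10.5", src_port=80)
RULE_CORRECT = AccessRule("allow-http", "allow", dst_ip="10.10.10.5", dst_port=80)


def demo() -> Dict[str, Tuple[str, str]]:
    """Return the verdict each rule variant produces for the inbound flow."""
    return {
        rule.name: evaluate(INBOUND_HTTP, NATS, [rule])
        for rule in (RULE_MAPPED_DST, RULE_SRC_PORT, RULE_CORRECT)
    }


if __name__ == "__main__":
    for name, (action, matched) in demo().items():
        print(f"{name:14s} -> {action} ({matched})")
```

Running it shows the mapped-address rule and the source-port rule both falling through to the implicit deny, which is the "blocked" connection event seen in the thread, while the rule keyed on the real inside address and destination port 80 allows the flow. When troubleshooting an FDM policy, checking these two things (real vs. mapped address, and which side of the connection a port object is applied to) before touching the NAT rule avoids chasing the wrong component.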
