Firepower 2110 - Access rules & NAT

richard.priest
Level 1

Hi all,
I'm trying to get our new FP2110 into production, and even the simplest of tasks seems to be a struggle in FDM (we don't have FMC).
I've set up a test server sitting in a dev environment; it's running librespeed. This server can ping outside, so the PAT rule is working fine on the FP2110.
However, when I set a rule as per below (the destination address is set to the external IP I have assigned as a host address):

[Image: Firepower_Rule.png]
traffic is blocked by the implicit deny; see the events below:

[Image: Firepower_Events.png]

If I delete the external NAT address in the rule, so effectively allow any/any in, then traffic is allowed in.
However, I still can't browse to my server via its external address. The NAT rule is below:

[Image: Firepower_NAT.png]
Dead simple, but just won't work.
On an ASA I'd have some form of syslog to indicate if a NAT rule was wrong, etc., but on this Firepower I'm flying almost blind; it's quite frustrating.
Any help would be much appreciated.

richard.priest
Level 1

I've realised I made an idiot mistake with the ACL: I was selecting the source port rather than the destination.
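The mistake described in this reply (matching the service port on the source side of the rule instead of the destination) is easy to reproduce with a small rule evaluator. The following Python is an added example, not part of the original thread and not Cisco code; it models only the 5-tuple matching that matters here, so the addresses (192.0.2.10 for the published server, 203.0.113.25 for the client) and rule names are constructed placeholders. An inbound web client connects from an ephemeral source port to destination port 80, so a rule keyed on source port 80 never matches and the flow falls through to the implicit deny; the same rule keyed on destination port 80 allows it. A small lint function flags rules that pin a well-known service port on the source side, which is a cheap check to run over an exported policy before blaming NAT.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """One connection as the firewall sees it (constructed sample data)."""
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """Simplified access rule; None means 'any' for that field."""
    name: str
    action: str                       # "allow" or "block"
    dst_ip: Optional[str] = None
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        # Every constrained field must match; unconstrained fields match anything.
        return (
            (self.dst_ip is None or self.dst_ip == flow.dst_ip)
            and (self.proto is None or self.proto == flow.proto)
            and (self.src_port is None or self.src_port == flow.src_port)
            and (self.dst_port is None or self.dst_port == flow.dst_port)
        )


def evaluate(rules: list[Rule], flow: Flow, default: str = "block") -> tuple[str, str]:
    """First-match evaluation, ending in an implicit deny like an access control policy."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.action
    return "implicit-deny", default


def lint_service_on_source(rules: list[Rule]) -> list[str]:
    """Flag rules that pin a well-known port (<1024) on the source side and leave the
    destination port open: for inbound server traffic that is almost always a mistake."""
    return [
        r.name
        for r in rules
        if r.src_port is not None and r.src_port < 1024 and r.dst_port is None
    ]


# Constructed sample: an external client opening the librespeed web page.
INBOUND_HTTP = Flow("203.0.113.25", "192.0.2.10", "tcp", 51514, 80)

# The rule as mis-built in the thread: service port selected as the source port.
WRONG_RULES = [Rule("allow-librespeed", "allow", dst_ip="192.0.2.10", proto="tcp", src_port=80)]

# The corrected rule: service port on the destination side.
FIXED_RULES = [Rule("allow-librespeed", "allow", dst_ip="192.0.2.10", proto="tcp", dst_port=80)]


if __name__ == "__main__":
    print("wrong rule:", evaluate(WRONG_RULES, INBOUND_HTTP))   # ('implicit-deny', 'block')
    print("fixed rule:", evaluate(FIXED_RULES, INBOUND_HTTP))   # ('allow-librespeed', 'allow')
    print("lint:", lint_service_on_source(WRONG_RULES))         # ['allow-librespeed']
```

Running the block shows the mis-keyed rule producing the implicit-deny event seen in the original screenshot, while the corrected rule allows the connection; the lint output names the offending rule.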