07-19-2019 02:34 AM - edited 02-21-2020 09:19 AM
I want to configure a static NAT rule so that the outside network (internet) can access an inside switch (intranet) using the telnet protocol. Please see my settings below, but NAT didn't work. Kindly advise on the right settings.
Inside switch IP: 192.168.101.211
Firepower outside interface IP: 192.168.0.20
Allow telnet protocol
07-19-2019 08:15 PM
Make the NAT type static and source address "Any".
Also add an associated ACL allowing the incoming traffic.
I'm hoping this is only for lab/learning purpose - otherwise don't use telnet as it is insecure. Use ssh instead.
07-22-2019 12:19 AM
I have done as you told me, but still no luck. Please see my settings as attached.
All I want is for outside hosts to be able to make a telnet connection from outside to the inside switch using telnet port 23.
The NAT rule translates the Firepower outside interface IP 192.168.0.20 to the inside switch IP 192.168.101.211.
I choose "auto NAT", type: static.
Firewall outside interface IP: 192.168.0.20
Firewall inside interface IP: 192.168.101.254
Switch VLAN IP: 192.168.101.211
The connection scenario is:
outside host: 192.168.0.4 --> FPR2110 outside interface (192.168.0.20) --> FPR2110 inside interface (192.168.101.254) --> inside switch 192.168.101.211
07-22-2019 04:07 AM
While deploying the NAT rule via the Firepower 2110 device manager console, I got the following error message.
Please advise how to resolve the outside interface overlap issue. Thanks.
22 July, 2019 Deployment failed User(Admin) Trigger deployment
07-22-2019 09:08 PM - edited 07-22-2019 09:15 PM
Make your NAT rule type manual NAT instead of AutoNAT. Make sure it is above the AutoNAT rules an ASA 5506 generally has for inside-outside.
Since you are using the outside interface address make the translated address "interface" instead of the IP address of the interface.
I just set it up using FDM on my lab ASA 5506 with FTD (using ssh instead of telnet as my test protocol).
Here is what the confirmed working config looks like in the GUI:
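Added example, not part of the original reply: the manual NAT rule described in the last answer, written as ASA-style CLI with the addresses from this thread. The object names, the ACL name and the interface names `inside`/`outside` are assumptions, and on an FDM-managed FTD the rule is built in the GUI rather than typed.

```cisco
! Constructed example; object, ACL and interface names are hypothetical.
! Real (inside) address of the switch, taken from the thread.
object network SWITCH_211
 host 192.168.101.211
! In an (inside,outside) rule the switch is the "source",
! so port 23 is matched as a source port.
object service SVC_TELNET
 service tcp source eq 23
! Manual NAT (section 1) is evaluated before auto NAT (section 2).
! "interface" maps to the outside interface address (192.168.0.20 here)
! instead of naming that IP in a network object.
nat (inside,outside) source static SWITCH_211 interface service SVC_TELNET SVC_TELNET
! The access rule references the real (untranslated) address of the switch.
access-list OUTSIDE_IN extended permit tcp any object SWITCH_211 eq 23
access-group OUTSIDE_IN in interface outside
```

Replacing `any` with `host 192.168.0.4` (the outside host named in the thread) limits the exposed port to that one client.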