
FTD Static NAT with Port Translation clarification

Hi everyone, I need a little help with NAT on FTD.

I've been searching since yesterday but I had no luck finding any info.

What is the correct way to populate the configuration form for this scenario? Please see the attached images.

Figure 8 Static NAT with Port Translation

Did I pick the right source and destination ports in my example?

I'm sorry but I've been reading the guide below since yesterday but I can figure it out

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/network_address_translation__nat__for_firepower_threat_defense.html

Regards Claudio

 

Attachments: fig8.PNG, webserver.PNG, telnet.PNG

 

 

Accepted Solution

As long as you selected the inside interface as the Source Interface Objects and the outside as the Destination Interface Objects, I would say you got it right Claudio.

Those static PAT rules will allow you to connect on port 80/tcp and 23/tcp using the outside interface public IP as the destination. For the http rule, the FTD will translate its outside interface IP to the webserver internal IP, and the external port 80/tcp to port 8080/tcp. Similar for the telnet rule, the FTD will translate its outside interface IP to the telnet server internal IP, and the external port 23/tcp to port 23/tcp. Don't forget to allow this traffic on the access control policy.
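
The two static PAT rules and the access control reminder from the answer above, modelled in Python as an added example (not part of the original thread and not Cisco code). All addresses are constructed, and the model assumes the access control policy is matched against the real (untranslated) address and port; telnet is left without an access rule to show a NAT match that is still blocked.

```python
from dataclasses import dataclass

# Constructed sample addresses, not taken from the thread.
OUTSIDE_IP = "203.0.113.10"   # FTD outside interface (mapped address)
WEB_REAL = "10.1.1.10"        # web server inside, listening on 8080
TELNET_REAL = "10.1.1.20"     # telnet server inside, listening on 23

@dataclass(frozen=True)
class StaticPat:
    proto: str
    real_ip: str       # original source: the inside host
    real_port: int     # original source port
    mapped_ip: str     # translated source: the outside interface IP
    mapped_port: int   # translated source port

NAT_RULES = [
    StaticPat("tcp", WEB_REAL, 8080, OUTSIDE_IP, 80),
    StaticPat("tcp", TELNET_REAL, 23, OUTSIDE_IP, 23),
]

# Access rules as (proto, real destination IP, real destination port).
# Assumption: the policy is evaluated after the destination is untranslated.
ACCESS_RULES = {("tcp", WEB_REAL, 8080)}

def untranslate(proto, dst_ip, dst_port):
    """Inbound (outside to inside): mapped destination -> real destination."""
    for r in NAT_RULES:
        if (r.proto, r.mapped_ip, r.mapped_port) == (proto, dst_ip, dst_port):
            return r.real_ip, r.real_port
    return None

def translate_reply(proto, src_ip, src_port):
    """Return traffic (inside to outside): real source -> mapped source."""
    for r in NAT_RULES:
        if (r.proto, r.real_ip, r.real_port) == (proto, src_ip, src_port):
            return r.mapped_ip, r.mapped_port
    return None

def inbound_verdict(proto, dst_ip, dst_port):
    """Apply NAT first, then the access check on the real address and port."""
    real = untranslate(proto, dst_ip, dst_port)
    if real is None:
        return "no-nat-match"
    if (proto, *real) not in ACCESS_RULES:
        return f"nat-ok-but-blocked {real[0]}:{real[1]}"
    return f"allow {real[0]}:{real[1]}"

def exposed_without_access_rule():
    """Static PAT rules that publish a service no access rule permits."""
    return [r for r in NAT_RULES
            if (r.proto, r.real_ip, r.real_port) not in ACCESS_RULES]
```
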

Thank you, Aref.

The configuration was correct; it was an application problem.

 
