How do I force an internal host or network to use a specific IP address on outbound HTTP requests?

twhitney
Level 1

Hi Everyone,

I have a NATted internal web server, which is working thanks to the guidelines found here:

https://community.cisco.com/t5/firepower/acl-to-publish-my-internal-website-help-please/m-p/4016305#M16461

Now how do I force that same server to send its own HTTP requests to any external website as the external IP address that it is set up to NAT?

Right now all requests are appearing as the default IP of the FMC device.

I need it to appear as the specific IP.

Any guidance is appreciated.


4 Replies

Francesco Molino
VIP Alumni

Hi

Here is a screenshot of how you can do it:

image.png

You need to make sure it is placed before the global NAT rule 1 in your screenshot from the other post (the one NATting everything for internet access).

This will NAT traffic sourced from the HTTP port to any port on the outside.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi,

Try something like this:-

111.PNG

Ensure this new rule is above your default rule that would normally NAT the outbound traffic. If a connection is already established, you will need to clear the existing xlate/NAT connections with the CLI command "clear xlate". Be careful doing that in production.


HTH
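
The rule ordering both answers describe, sketched as the NAT lines the device would show after the policy is deployed from FMC. This is an added example, not part of the thread and not a copy of either screenshot: the object names, the addresses (10.0.0.10 internal, 203.0.113.10 public), the interface names and the choice of a static manual NAT rule are all assumptions.

```text
! Constructed example: object names, interface names and addresses are placeholders.
! The rule is created in the FMC NAT policy; these lines are what the
! running configuration would be expected to contain afterwards.

object network WEB-SRV-REAL
 host 10.0.0.10
object network WEB-SRV-PUBLIC
 host 203.0.113.10

! Order matters: NAT rules are matched top-down, first match wins.
! The server-specific rule must sit above the catch-all PAT rule,
! otherwise the server's outbound traffic takes the interface address.
nat (inside,outside) source static WEB-SRV-REAL WEB-SRV-PUBLIC
nat (inside,outside) source dynamic any interface

! Verification from the device CLI after deployment:
show running-config nat
show nat detail
show xlate local 10.0.0.10

! Connections built before the change keep their old translation.
! Clearing only the server's entries limits the impact compared with
! a blanket "clear xlate" on a production device.
clear xlate local 10.0.0.10
```

After the old translations are cleared, `show xlate local 10.0.0.10` should list the server against the public object's address rather than the outside interface address.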

Thank you both,

Both solutions work.

I really do appreciate the help.

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question