LAN (inside) network - 192.168.10.0/24
WAN (outside) network - e.g. 188.8.131.52/28
Device: Cisco Firepower 2100 series managed by vFMC
I have around 15 servers residing inside the campus that need to be opened to the public. Each server has a different outside ISP IP. For example, server one has 184.108.40.206 DNATed to 10.11, server two 220.127.116.11 DNATed to 10.12, etc.
I did DNAT for the servers from outside to inside. It is working perfectly. When someone from the outside public network accesses 18.104.22.168 they get connected.
When a LAN user (e.g. 192.168.10.14) accesses 22.214.171.124 it does not work. Any idea how to get both DNAT scenarios to work?
1. outside to 126.96.36.199
2. inside to 188.8.131.52
When I add the inside zone to the source objects in the DNAT, it works, but the server 10.11 loses its internet connection.
NB: some might get confused as to why 192.168.10.xx is not accessing the servers using the local IP. It is a specific requirement.
Any help appreciated please.
You cannot make the traffic hairpin through the FTD appliance in the way you ask. Traffic would have to actually leave the egress interface (outside) and come back in for the NAT translation to be applied to the flow.
I was expecting this reply. The scenario you mentioned will work and I got it working. The issue was that the NATed local IP will not get internet in this case.
184.108.40.206 DNAT to 10.11
192.168.10.14 accesses 220.127.116.11. It works, but there is no internet for 10.11.
This is a very common scenario and can easily be done in other OEM firewalls.
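The three outcomes described in this thread (outside-only DNAT, hairpin DNAT with the inside zone and "any" source that cuts off the server's internet, and a hairpin rule scoped to the LAN subnet) can be reproduced with a small first-match NAT model. This is an added example, not configuration from the thread or Cisco's own logic; it assumes a simplified model in which static rules are bidirectional and a matching rule's destination interface decides egress, and the public addresses, server address 10.0.0.11 and the 198.51.100.5 internet host are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders (the thread's public IPs are obfuscated): server one is
# 10.0.0.11 on the inside, published as 203.0.113.11; a LAN client is 192.168.10.14.
SERVER, PUBLIC, LAN_CLIENT, INTERNET_HOST = "10.0.0.11", "203.0.113.11", "192.168.10.14", "198.51.100.5"
ROUTES = [("192.168.10.0/24", "inside"), ("10.0.0.0/8", "inside"), ("0.0.0.0/0", "outside")]

@dataclass
class NatRule:
    src_if: str      # ingress interface the rule matches on
    dst_if: str      # egress interface imposed on matching flows (assumed NAT-divert behaviour)
    src_net: str     # original source addresses the rule matches ("0.0.0.0/0" = any)
    orig_dst: str    # mapped (public) destination
    real_dst: str    # real (inside) destination
    bidirectional: bool = True   # assumed: static rules also translate the server's own outbound flows

def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def route_lookup(dst):
    return next(egress for net, egress in ROUTES if _in(dst, net))

def translate(rules, ingress, src, dst):
    """First-match NAT: returns (egress interface, translated src, translated dst)."""
    for r in rules:
        if r.src_if == ingress and _in(src, r.src_net) and dst == r.orig_dst:
            return r.dst_if, src, r.real_dst              # client -> published address
        if r.bidirectional and r.dst_if == ingress and src == r.real_dst and _in(dst, r.src_net):
            return r.src_if, r.orig_dst, dst              # server outbound: source becomes public IP
    return route_lookup(dst), src, dst                    # no rule matched: plain routing

def lan_client_reaches_server(rules):
    egress, _, xdst = translate(rules, "inside", LAN_CLIENT, PUBLIC)
    return egress == "inside" and xdst == SERVER

def server_has_internet(rules):
    egress, xsrc, _ = translate(rules, "inside", SERVER, INTERNET_HOST)
    return egress == "outside" and xsrc == PUBLIC

DNAT_ORIGINAL = NatRule("outside", "inside", "0.0.0.0/0", PUBLIC, SERVER)        # the working outside->inside DNAT
HAIRPIN_ANY = NatRule("inside", "inside", "0.0.0.0/0", PUBLIC, SERVER)           # inside zone added, source any
HAIRPIN_LAN_ONLY = NatRule("inside", "inside", "192.168.10.0/24", PUBLIC, SERVER) # hairpin limited to LAN sources

if __name__ == "__main__":
    for name, rules in [("outside-only DNAT", [DNAT_ORIGINAL]),
                        ("hairpin, source any", [HAIRPIN_ANY, DNAT_ORIGINAL]),
                        ("hairpin, LAN source only", [HAIRPIN_LAN_ONLY, DNAT_ORIGINAL])]:
        print(f"{name:26} LAN->server: {lan_client_reaches_server(rules)}  server internet: {server_has_internet(rules)}")
```

In this model the "source any" hairpin rule also matches the server's own outbound traffic in the reverse direction and pins its egress to the inside interface, which is the "no internet for 10.11" symptom; restricting the hairpin rule's source to the LAN subnet leaves the server's outbound flows to the original rule.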