Solved: NAT from DMZ to Outside or inside doesn't work on FTD managed by FMC

ipv6x · ‎09-12-2022

Hello,

I am trying to understand why the nat from the DMZ zone doesn't work outside or inside.

DMZ Host 1 with private IP: 192.168.40.99 ----> I want to translate outside with IP: 192.0.2.50, I want to ssh from outside to DMZ H1.

Configured NAT from DMZ TO OUT see the photos.

I have configured ACP from out to DMZ allowing SSH traffic but doesn't work, any ideas why doesn't work?

Rob Ingram · ‎09-12-2022

@ipv6x use a Static Auto NAT rule (not manual), the source address would be host "dmz-real-h1" and the translated address is "IP_192.0.2.50".

Rob Ingram · ‎09-12-2022

@ipv6x use a Static Auto NAT rule (not manual), the source address would be host "dmz-real-h1" and the translated address is "IP_192.0.2.50".

ipv6x · ‎09-12-2022

@Rob Ingram i configured like this but nothing happened and I see on ACP hist the out-in-dmz gets hits but nothing passes why this?

ipv6x · ‎09-12-2022

I figured out @Rob Ingram i was missing the route from DMZ Host to FTD, after I configure the route now it worked.

Thank you,

Regards,