Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
962
Views
0
Helpful
5
Replies

NATing through two firewalls(Datacenter-Edge)

ryoussef@toptech.com.eg
Level 1
Level 1

‎05-30-2018 04:48 AM - edited ‎02-21-2020 07:49 AM

Hello Everyone ,

 

I try to publish a website from a server range , so i Make an autonat static  nating on the firewall data-center but it didnt work and the internet connection on this server has been stopped !!

Note

*the firewall used on both firewall is FTD 2110 

*the datacenter firewall pass the traffic through the edge firewall 

*when i make this Nating on the edge firewall it works fine 

Attached below may help you to understand the topology of my network 

 

Any Ideas ?!!

 

Labels:
Preview file
1849 KB
0 Helpful
5 Replies 5

Florin Barhala
Level 6
Level 6

‎05-30-2018 11:59 PM

Nice drawing : )). Now where's that server located on the diagram?
Some config output will help us get this though.
0 Helpful

ryoussef@toptech.com.eg
Level 1
Level 1
In response to Florin Barhala

‎05-31-2018 02:24 AM

Thank you :D

I try to draw on visio  and i make it very simple 

i just need the idea of how to nat through the 2 firewall because i can nat from only the edge firewall 

Preview file
7 KB
0 Helpful

Florin Barhala
Level 6
Level 6
In response to ryoussef@toptech.com.eg

‎05-31-2018 02:50 AM

I am not sure why can't you NAT from the DC firewall? What's the error you get?
Also NAT is usually required for public/Internet access? Why do you need to NAT it twice?
0 Helpful

ryoussef@toptech.com.eg
Level 1
Level 1
In response to Florin Barhala

‎05-31-2018 03:02 AM

i can get internet access easily however i cannot publish any web server behind the datacenter firewall 

i configured the NATing on both firewalls and all the vlans can access internet 

The main issue is publishing the webserver on the server vlan(behind datacenter fw ) it not works

i test to publish the web server from the EDGE firewall it works fine 

0 Helpful

Florin Barhala
Level 6
Level 6
In response to ryoussef@toptech.com.eg

‎05-31-2018 05:27 AM

Now I finally got it ! : ))
This should be pretty easy though:
- post your NAT config on each FW
- I would also place a capture on the DC firewall on each of the two interfaces: "outside and inside" ; here's my strategy on the DC firewall:
access-list capt_DNAT permit ip host public_source_IP_from_where_you_test host server_private IP
access-list capt_DNAT permit ip host server_private IP host public_source_IP_from_where_you_test
capture cap1 interface inside access-list capt_DNAT
capture cap2 interface outside access-list capt_DNAT

Try connecting on the port from public_source_IP_from_where_you_test then check captures output.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card