Newbie question: FPR 1010 FTD

Newbie question trying to learn more on FPR setup.

I have a setup looking like this
ISP -> FPR 1010 FTD (192.168.10.1) -> UDM PRO gateway (10.90.22.1) -> Unifi switch

When I turn on my NAT rule on my UDM for my VLAN 22 (10.90.22.0/24), I'm no longer able to connect to my FPR on its IP.
I simply can't reach it any longer; tracert shows that I exit via the GW for the VLAN, then it dies.

On my UDM, for all VLANs, I've created a Source NAT pointing to the FPR 192.168.10.1
(Interface=WAN port, Translated IP=10.90.22.0/24 Source=10.90.22.0/24, Destination=192.168.10.1)
On the FPR I have created the 2 VLANs present on the UDM: 10.90.22.0, 10.90.33.0.

I can't figure out what is wrong in my setup and why I'm not able to access the FPR. I've tried to create an allow policy for 10.90.22.0; management access is also currently allowed on all subnets.

1 Accepted Solution

Accepted Solutions

Well turns out my issue was as simple as just removing the nat on the UDM and correctly adding the appropriate routing on the FPR.

Thx all for your replies, issue is resolved.


6 Replies

I am not into UDM config, but are you saying that you translate 10.90.22.0/24 to 10.90.22.0/24 which effectively means no NAT? Then the FTD needs a route on the inside interface pointing to the UDM IP 192.168.10.x so the FTD can answer back. If the FTD sees an IP 10.90.22.x, this is not in the routing table by default as a dedicated route and FTD doesn't know what to do with this packet.
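
The routing point made in this reply can be checked with a small longest-prefix-match model of the FTD's routing table. This is an added example, not code from the thread or from Cisco: it assumes the UDM's FTD-facing address is 192.168.10.2, uses 203.0.113.0/24 (documentation space) for the ISP link, and 10.90.22.50 as a constructed VLAN 22 host. It shows why the FPR answers while the UDM source-NATs (the reply goes to a connected network on inside), why the reply falls to the default route out "outside" once NAT is removed, and why a static route for 10.90.22.0/24 via the UDM fixes it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[str]  # None means directly connected


# Constructed FTD routing table for the thread's topology (assumed values).
# 203.0.113.0/24 is documentation space standing in for the ISP link.
BASE_ROUTES: List[Route] = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "outside", "203.0.113.1"),
    Route(ipaddress.ip_network("203.0.113.0/24"), "outside", None),
    Route(ipaddress.ip_network("192.168.10.0/24"), "inside", None),
]

UDM_FTD_FACING_IP = "192.168.10.2"  # assumed UDM address on the FTD-facing segment
VLAN22_HOST = "10.90.22.50"         # constructed host behind the UDM

# The route the reply above says the FTD needs once the UDM stops NATting.
STATIC_ROUTE = Route(ipaddress.ip_network("10.90.22.0/24"), "inside", UDM_FTD_FACING_IP)


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match over the table, as a router's FIB does it."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def reply_path(routes: List[Route], client_src: str) -> Optional[Tuple[str, str]]:
    """Egress (interface, next hop) the FTD uses to answer a packet from client_src.

    For a connected network the next hop is the client itself (ARP'd directly).
    """
    r = lookup(routes, client_src)
    if r is None:
        return None
    return (r.interface, r.next_hop or client_src)


def scenario(udm_snat: bool, static_route: bool):
    """Model one of the thread's setups.

    Returns (source the FTD sees, reply path, reachable?). The request always
    arrives on 'inside', so the reply only works if it leaves the same way.
    """
    routes = BASE_ROUTES + ([STATIC_ROUTE] if static_route else [])
    # With SNAT the FTD sees the UDM's own address; without it, the real VLAN host.
    src_seen = UDM_FTD_FACING_IP if udm_snat else VLAN22_HOST
    path = reply_path(routes, src_seen)
    works = path is not None and path[0] == "inside"
    return src_seen, path, works


if __name__ == "__main__":
    for snat, route in [(True, False), (False, False), (False, True)]:
        src, path, ok = scenario(snat, route)
        print(f"UDM SNAT={snat!s:5} static route={route!s:5} "
              f"FTD sees {src:14} reply via {path} -> {'OK' if ok else 'FAILS'}")
```

The middle case is the OP's symptom: the request reaches the FPR on inside, but with no route for 10.90.22.0/24 the answer leaves via the default route toward the ISP, so tracert dies right after the VLAN gateway. Adding the static route (or keeping the UDM's NAT, which hides the VLAN) makes the path symmetric again.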

balaji.bandi
Hall of Fame

When you do NAT on the UDM, the FTD is not able to see the local IP addresses behind the UDM, for example the 10.90.22.0/24 network.

What is the UDM-side p2p IP connecting to the FTD? (You mentioned 192.168.10.1; is this configured on the FTD side or the UDM side?)

You need a route for 10.90.22.X towards the UDM IP from the FTD; for example, the route should be 10.90.22.X/24 to 192.168.10.X (the UDM-side IP) for that to work.

"On the FPR I have created the 2 VLANs present on the UDM: 10.90.22.0, 10.90.33.0."

If you are looking for the UDM to do all the NAT, then you do not need these VLANs to exist in the FTD.

BB

Are you trying to translate the internal subnet 10.90.22.0/24 into the UDM interface facing the FTD? Do you have any allowed IP addresses to get into the firewall management port?

Well, basically I'm trying to allow my LAN network to access the FPR web interface. I'm afraid I may have misconfigured something along the way, because I just realised that the subnets only have internet access as long as the UDM masquerades the IPs to be from the same subnet as the FPR.

Maybe someone can riddle me this.

I have a static route 10.26.xx.xx/24 towards my FPR's GW. My UDM is connected to the FPR on port 2; the interface is set as a switch port with the FPR GW IP. My UDM has an IP from this scope, so 10.224.xx.xx. I've created the UDM VLANs on the FPR, source being inside and translated being interface.

On the UDM I have a VLAN 10.26.xx.xx; this is by default masqueraded as 10.224.xx.xx. I want to remove this and allow the real 10.26.xx.xx to reach the FPR and go to the internet.

As I originally stated, total newb, sry.
