Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
0
Helpful
1
Replies

Simplest method of forwarding traffic from outside to inside

dovla091
Level 1
Level 1

‎06-07-2017 06:50 AM - edited ‎03-12-2019 02:28 AM

Hi,

I need one suggestion from you guys/girls.

I have firewall which was set by me one month ago. So it was quick and simple config without complicating things. One WAN address, two lan (one primary, and one extra). access lists to allow inside -> outside, dynamic NAT for each subnet (yes I know that I could set (any,outside) and cover both, but I choose not to...), one VPN config with split tunnel, etc. literally nothing special. Now they've decided to put another firewall behind mine and ask me to forward all the traffic everything to second firewall. So technically my firewall will be bridge with NAT function... (don't ask why :) ).

What would be easier way to pull this or should I say, cleanest way?

my idea would be to set outbound rule to allow any to any (as they don't want restrictions), and to set static NAT from outside to IP of their firewall interface. In theory this should work, but again I have never tried and I don't know if there is perhaps better solution to this?

Let me know about your opinion :)

Cheers.

Labels:
0 Helpful
1 Reply 1

dovla091
Level 1
Level 1

‎06-07-2017 07:08 AM

Is it better perhaps to set asa as transparent firewall so it fwd everything to that second firewall?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card