
STATIC NAT/PAT Using on firepower 2130 using FDM

cm
Level 1

inside 192.168.1.1/24------FTD-----Outside -71.x.x.2/24 ------71.x.x.1 (Gw)

Mail - 192.168.1.2 -----------------71.x.x.3/24(Public)
ns2 - 192.168.1.3 -----------------71.x.x.4/24(Public)
www - 192.168.1.4 -----------------71.x.x.5/24(Public)

I'm having a challenge recreating this scenario. I wish to protect servers using Firepower.
I'm using FDM to configure. I have tried setting up the above but am having issues.
I have set up Auto-NAT (2) to go out and it is working OK. I have configured static NAT (1) above
Auto-NAT for my servers. I can see the translations are OK on the FTD from inside to out ... show conn
The problem is when I'm coming from the Internet ... I cannot ping the servers ... what am I doing wrong?
The IP addresses are all active ...


@cm hard to tell without seeing your configuration.

Please provide screenshot of your NAT rules and the ACP rule that permits the inbound icmp.

You could also run packet-tracer from the CLI to simulate the traffic flow, provide the output for review.

Please check

@cm you don't have an inbound rule from the internet, you've only got one outbound rule from inside to outside.

@Rob Ingram is the inbound for ACP or NAT?

@cm you need to permit the inbound traffic in the ACP (Access Control Policy); you obviously need this in addition to the static NAT rule to translate the traffic from the public to the private IP address.
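
The point made in the replies above, as an added example that is not part of the original thread: a small Python model of an inbound packet that is first un-translated by the static NAT and then checked against the access rules. The 203.0.113.x addresses are constructed stand-ins for the elided 71.x.x.x range, the `Rule` class and rule names are hypothetical, and the model assumes a default action of block and that access rules match the real (private) address.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: 203.0.113.x stands in for the thread's elided 71.x.x.x.
STATIC_NAT = {                      # public (mapped) -> private (real)
    "203.0.113.3": "192.168.1.2",   # mail
    "203.0.113.4": "192.168.1.3",   # ns2
    "203.0.113.5": "192.168.1.4",   # www
}

@dataclass
class Rule:                         # hypothetical, simplified access rule
    name: str
    src_zone: str
    dst_zone: str
    dst_net: str
    proto: str                      # "icmp", "tcp", ... or "any"
    action: str                     # "allow" or "block"

def inbound(rules, public_ip, proto, default_action="block"):
    """Return (verdict, reason) for a packet arriving on the outside interface."""
    real_ip = STATIC_NAT.get(public_ip)
    if real_ip is None:
        return ("block", "no-static-nat")
    # Assumption: access rules are matched against the real (private) address.
    dst = ipaddress.ip_address(real_ip)
    for r in rules:
        if (r.src_zone, r.dst_zone) != ("outside", "inside"):
            continue                # an inside-to-outside rule never matches inbound
        if dst in ipaddress.ip_network(r.dst_net) and r.proto in ("any", proto):
            return (r.action, r.name)
    return (default_action, "default-action")

OUTBOUND_ONLY = [Rule("inside-to-outside", "inside", "outside", "0.0.0.0/0", "any", "allow")]
WITH_INBOUND = OUTBOUND_ONLY + [
    Rule("outside-to-servers", "outside", "inside", "192.168.1.0/29", "icmp", "allow")]
PUBLIC_IP_RULE = OUTBOUND_ONLY + [
    Rule("matches-public-ip", "outside", "inside", "203.0.113.0/24", "icmp", "allow")]

if __name__ == "__main__":
    for label, rules in [("outbound only", OUTBOUND_ONLY), ("with inbound", WITH_INBOUND),
                         ("rule on public IP", PUBLIC_IP_RULE)]:
        print(label, inbound(rules, "203.0.113.3", "icmp"))
```

The third rule set shows a common follow-on mistake: an inbound rule written against the public address still falls through to the default action, because the destination has already been un-translated when the rule is evaluated.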
