Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1972
Views
5
Helpful
3
Replies

The FDM Equivalent of selecting a public IP for PAT not directly connected to the outside interface.

Go to solution
cisco-noob
Level 1
Level 1

‎11-16-2020 04:05 PM

Hello,

 

Any help with this is greatly appreciated. We just recently purchased the Firepower 1010. I am trying to specify a public IP address that is not directly connected to my outside interface. For example, in the 5540, you can select use PAT, then specify a public IP address like the image below. I have been stumped for over a week on how to do this. The answer is probably obvious. Thanks to anyone that can figure this out. 

 

 

 

 asa.PNG

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnlloyd_13
Level 9
Level 9

‎11-16-2020 11:38 PM

hi,

you can go in FDM: policies > NAT.

select type: dynamic > under original packet: select the "inside" interface and source address (or create new).

under translated packet: select source address (or create new). leave the rest as "any".

 

View solution in original post

3 Replies 3

Go to solution
LikeMyFloydPink
Level 1
Level 1

‎11-16-2020 07:18 PM - edited ‎11-16-2020 07:23 PM

Use a /32  (255.255.255.255) subnet mask.  That may or may not be the answer - is it behind another router or something?  What is your use-case? 

 

EDIT: Are you just trying to get past the wizard screen shown above?  I seriously don't know nor am I a NetSec guy. But if it is not directly connected and you are just trying to get it up and running, you could even use an RFC1918 address for the interim. 

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9

‎11-16-2020 11:38 PM

hi,

you can go in FDM: policies > NAT.

select type: dynamic > under original packet: select the "inside" interface and source address (or create new).

under translated packet: select source address (or create new). leave the rest as "any".

 

Go to solution
cisco-noob
Level 1
Level 1

‎12-14-2020 09:11 AM - edited ‎12-14-2020 09:12 AM

Thanks again!

 

I came up with the following rule and I hope that I understood you correctly. I will be deploying my configuration on Wednesday, hopefully, it goes well.

pat_ip.PNG

 

 

 
 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card