Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2498
Views
13
Helpful
18
Replies

What would be the translated sources in NAT rule on Cisco FMC for FTD?

Go to solution
CiscoBrownBelt
Level 6
Level 6

‎07-15-2024 11:48 AM

Just want to be sure. So If establishing connection from internet to private internal server, the translated source would be the private IP want to nat the public IP to? The Translated destination would be the IP of the internal server?

 

CiscoPurpleBelt_0-1721069283015.png

 

0 Helpful
18 Replies 18

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to MHM Cisco World

‎07-17-2024 05:34 AM - edited ‎07-17-2024 05:34 AM

Thanks! So for Out to In, Original Source and Translated Source you would enter the public IP for the public host (host out on internet want to allow reachability to server) correct? You can also just nat that host to any other internal private IP say in the same subnet as the internal private server (enter that IP/object in Translated Source field) and that would still work correct?

 

So source = static
Source Int Obj = Outside
Desination Int Obj = Inside
Original Source = my public host IP that wants access to internal server
Original Destination = Public IP/GW for internal server
Original Services = say https
Translated Sources = my public host IP that wants access to internal server
Translated Destination = actual real private IP of internal server need access for

Go to solution
MHM Cisco World
VIP
VIP
In response to CiscoBrownBelt

‎07-17-2024 05:38 AM

Yes all list below is correct 

NAT = static
Source Int Obj = Outside
Desination Int Obj = Inside
Original Source = my public host IP that wants access to internal server
Original Destination = Public IP/GW for internal server
Original Services = say https
Translated Sources = my public host IP that wants access to internal server
Translated Destination = actual real private IP of internal server need access for

Apply  it and dont forget add acl to allow traffic.

Goodluck friend 

MHM

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to MHM Cisco World

‎07-18-2024 11:27 AM

Entered the statement as above but show xlate shows the following. Shouldn't the Inside IP (changed IP text for private purposes) be the internal host?

TCP PAT from Outside:1.1.1.1 443 to Inside:1.1.1.1 443
flags srT idle 1:08:50 timeout 0:00:00

Go to solution
MHM Cisco World
VIP
VIP
In response to CiscoBrownBelt

‎07-18-2024 11:45 AM

Yes it show that 
can I see the last NAT you use 
thanks 

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card