08-28-2023 11:35 PM - edited 08-28-2023 11:38 PM
Hello to all, and thank you very much in advance for your help and suggestions.
I have to configure my Firepower 1010 to allow external users (internet) to reach my internal server, where the website and cPanel services reside.
My static IP is managed by the ISP router, which is a TIM HUB+.
My network is set up like this:
ISP router: WAN IP 80.104.xxx.xxx (reachable from the internet) and LAN IP 192.168.0.10 (mask 255.255.255.0).
The ISP router forwards all incoming connections to the DMZ host 192.168.0.11, which is the outside interface of the Cisco Firepower 1010.
The internal server is connected to the inside_3 interface of the Firepower 1010 and has the static IP 192.168.2.25.
I created the following objects:
WebserverPrivate HOST 192.168.2.25
WebserverPublic HOST 80.104.xxx.xxx
I added a new NAT policy along these lines:
Original Packet
Interface = outside
Source IP = any-ipv4
Destination IP = <WebServerPublic>
Source Port = Any
Destination Port = HTTPS (or ANY or 2087 for cpanel)
Destination Packet
Interface = inside_3
Source IP = any-ipv4
Destination IP = <WebServerPrivate>
Source Port = Any
Destination Port = HTTPS (or ANY or 2087 for cpanel)
Then I added an Access Rule as follows:
Source
Zones = outside_zone
Networks = ANY
Ports = ANY
Destination
Zone = inside_zone
Networks = <WebServerPrivate>
Ports = HTTPS (or ANY or 2087 for cpanel)
Unfortunately this configuration does not work; the server remains unreachable and unpingable.
I have tried many NAT configurations, but the result is always the same: external connections are blocked and the server cannot be reached.
I also tried changing the ISP router configuration, first forwarding to the DMZ host 192.168.0.11 and then port-forwarding specific ports to the Firepower outside interface (192.168.0.11), but nothing.
Thank you very much for any suggestions.
Antonio
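Added example, not part of the original post: a small Python model of how the "original packet" fields of a manual NAT rule are matched against the traffic that actually reaches the Firepower outside interface in this topology. It assumes the TIM HUB+ behaves like an ordinary NAT router, so its "DMZ host" forwarding is a destination NAT from the WAN address to 192.168.0.11; the public address 80.104.0.1 is a constructed stand-in for the redacted 80.104.xxx.xxx, and the rule and object names are taken from the post.

```python
"""Model of inbound NAT evaluation for the topology described in the post.

Constructed example. 80.104.0.1 stands in for the redacted 80.104.xxx.xxx;
all other addresses and interface names come from the post. Assumption: the
TIM HUB+ is a standard NAT router, so DMZ-host forwarding rewrites the
destination to 192.168.0.11 before the packet reaches the Firepower.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

ISP_WAN_IP = IPv4Address("80.104.0.1")        # stand-in for 80.104.xxx.xxx (constructed)
FTD_OUTSIDE_IP = IPv4Address("192.168.0.11")  # Firepower outside interface = DMZ host
WEBSERVER_PRIVATE = IPv4Address("192.168.2.25")
ANY_IPV4 = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet is on (ingress before NAT, egress after)
    src: IPv4Address
    dst: IPv4Address
    dport: int


@dataclass(frozen=True)
class NatRule:
    """Manual NAT rule: 'original packet' match fields and 'translated packet' fields."""
    name: str
    orig_iface: str
    orig_src: IPv4Network
    orig_dst: IPv4Address
    orig_dport: Optional[int]   # None means Any
    xlate_iface: str
    xlate_dst: IPv4Address
    xlate_dport: Optional[int]  # None means keep the original port


def isp_router_dmz_forward(pkt: Packet) -> Packet:
    """Model of the ISP router's DMZ-host feature (assumed: plain destination NAT)."""
    if pkt.dst != ISP_WAN_IP:
        return pkt
    return Packet("outside", pkt.src, FTD_OUTSIDE_IP, pkt.dport)


def match_nat(pkt: Packet, rules: list[NatRule]) -> Optional[tuple[NatRule, Packet]]:
    """First-match evaluation of the original-packet fields; returns (rule, translated packet)."""
    for r in rules:
        if pkt.iface != r.orig_iface or pkt.src not in r.orig_src:
            continue
        if pkt.dst != r.orig_dst:
            continue
        if r.orig_dport is not None and pkt.dport != r.orig_dport:
            continue
        new_port = pkt.dport if r.xlate_dport is None else r.xlate_dport
        return r, Packet(r.xlate_iface, pkt.src, r.xlate_dst, new_port)
    return None


# The rule as posted: original destination keyed on the public address object.
RULE_AS_POSTED = NatRule("WebServerPublic->WebServerPrivate", "outside", ANY_IPV4,
                         ISP_WAN_IP, 443, "inside_3", WEBSERVER_PRIVATE, 443)
# Alternative keyed on the address the packets carry when they reach the outside interface.
RULE_ON_OUTSIDE_IP = NatRule("OutsideIfaceIP->WebServerPrivate", "outside", ANY_IPV4,
                             FTD_OUTSIDE_IP, 443, "inside_3", WEBSERVER_PRIVATE, 443)


def trace(client_ip: str, dport: int, rules: list[NatRule]) -> dict:
    """Send one TCP SYN from an internet client through the ISP router, then the NAT rules."""
    on_wire = Packet("wan", IPv4Address(client_ip), ISP_WAN_IP, dport)
    at_outside = isp_router_dmz_forward(on_wire)
    hit = match_nat(at_outside, rules)
    return {
        "dst_at_outside": str(at_outside.dst),
        "nat_rule": hit[0].name if hit else None,
        "translated_dst": str(hit[1].dst) if hit else None,
        "egress_iface": hit[1].iface if hit else None,
    }


if __name__ == "__main__":
    for rules in ([RULE_AS_POSTED], [RULE_ON_OUTSIDE_IP]):
        print(trace("203.0.113.7", 443, rules))
```

Running it shows the destination seen at the outside interface is 192.168.0.11 for every connection the ISP router forwards, so a rule whose original destination is the public address never gets a hit, while the same rule keyed on the outside interface address translates to 192.168.2.25 on inside_3. A port not listed in the rule (for example 2087 against a HTTPS-only rule) also gets no hit, which is why a separate rule or an Any/port-range match is needed for cPanel.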