Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1990
Views
5
Helpful
5
Replies

NAT FDM Configuration Outside - Inside

S3C
Level 1
Level 1

‎02-11-2022 10:53 PM - edited ‎02-11-2022 11:00 PM

Hello!

I cant seem to get my NAT to work and i cant figure out what im doing wrong...

I want to be able from the internet to access a server. Internet -> FDM (outside) -> Esxi (inside) -> Specific Server (so any to any dont work) and i want to specify the servers IP so its only natting to that specific server and not the everything on that interface.

Also i can ping the specific server.

 

Original packet

--------------

Source Interface: outside

Source address: outside_internet (host, IP of ISP)

Source Port: Any (supposed to be http & https)

Destination Address: Any

Destination Port: Any

 

Translated Packet

--------------

Source Interface: inside

Source address: Server (host)

Source Port: Any (supposed to be http & https)

Destination Address: Any

Destination Port: Any

 

ACL

-------

ACL is correct, from internet to the host with any on ports.

 

Events

--------

No connection is coming in to the specific server to there´s no ACL blocking

 

---------------

Feels like ive tried all combinations and checked other peoples guides and setups, which none work. So I just wanna make sure NAT is 100 % correct before troubleshooting elsewhere.

Labels:
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2022 11:29 PM

we use most cases FMC to that but its near by same :

 

check the below guide to help you:

https://www.petenetlive.com/KB/Article/0001680

https://integratingit.wordpress.com/2020/02/08/ftd-configuration-using-fdm/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

S3C
Level 1
Level 1
In response to balaji.bandi

‎02-11-2022 11:51 PM

Yeah, ive done exactly like those guides above and still dont work. Ive also tried it outside to inside as it should be but still wont work . Therefore im questioning if above is really correct then my problem is elsewhere maybe at my ISP.

0 Helpful

Georg Pauwen
VIP
VIP
In response to S3C

‎02-12-2022 12:01 AM

Hello,

 

as far as I recall, the packet tracer command equivalent is something like 'show packet-capture number trace detail', if you can get to that output, that usually tells you where the problem is...

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to S3C

‎02-12-2022 12:18 AM

If you configured correctly, then you need to Logs first is the packet reaching outside interface of Firewall, before it can translate ?

 

If you have external different access, try to use Pc with External IP try telnet XXXXX 443 (XXX  external IP) - see is that packet reach firewall ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

S3C
Level 1
Level 1

‎02-12-2022 02:22 AM - edited ‎02-12-2022 02:49 AM

I forgot to mention that it is a Cisco FTD 1120 with FDM.

Ill try above and see what output i get.

also followed https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-nat.html#task_AB7424D043054D71B35CE33F7AC0CA96

0 Helpful
Customers Also Viewed These Support Documents