07-15-2025 02:46 PM
Hello All,
I need help, as I need to allow a public IP address to access an internal MS SQL Server via port 1433. Below are the details.
Public Source IP 200.x.x.9
Internal Server Private Address 10.x.x.126 (this server has a shared public IP address as well)
Internal Port 1433 (SQL Server)
I am using FMC, and I know I need to use NAT, but I am failing to configure it.
07-15-2025 02:48 PM
Can I see how you configured NAT in FMC?
MHM
07-16-2025 01:57 AM
Hello MHM,
I have done it like this. Will you please give general guidance on the steps to do so, keeping in mind the details shared above?
07-16-2025 02:15 AM
The NAT is OK.
Did you configure the ACP to allow traffic from the Internet to inside?
Check NAT and ACP with the packet trace feature of FTD.
MHM
07-26-2025 04:58 AM
Any update on this case?
MHM
07-15-2025 11:23 PM
Hello
@Aamir Bhatti wrote:
I need help, as I need to allow a public IP address to access an internal MS SQL Server via port 1433. Below are the details.
Public Source IP 200.x.x.9
Internal Server Private Address 10.x.x.126 (this server has a shared public IP address as well)
Internal Port 1433 (SQL Server)
If you already have a static NAT policy, it should be bi-directional, so I would say you just need to make sure you have an ACL that will allow traffic to be initiated externally from a lower security level interface <outside> to access an internal host on a higher security level <inside>.
Example:
object network Web-srv
 host 10.x.x.127
object network Web-srv-ext-host
 host 200.x.x.9
object service TCP1433
 service tcp source eq 1433
nat (inside,outside) source static Web-srv Web-srv-ext-host service TCP1433 TCP1433
access-list out-in extended permit ip host 200.x.x.9 host 10.x.x.127
access-group out-in in interface outside
07-16-2025 02:09 AM
Hello Paul,
Thank you for your reply. Actually, I have tried creating the Access Control policy and NAT rule on FMC for the respective FTD, but I believe I am missing some steps or not putting the vendor public IP in the right place.
Public Source IP 200.x.x.9
Internal Server Private Address 10.x.x.126 (this server has a shared public IP address as well)
Internal Port 1433 (SQL Server)
Will you please advise how I should create the NAT rule and policy, and where to put which IP? Thank you.
Regards,
Aamir
08-11-2025 12:56 AM
Thanks @MHM Cisco World and @paul driver. The problem was resolved; apologies for the delayed reply. Just to share with you, it was a prefilter policy that was stopping the traffic.
Appreciate your help.
08-11-2025 01:36 AM
As I guessed.
Thanks for updating us.
Have a nice day
MHM
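Added example, not posted by anyone in this thread: an ASA-style sketch of the static port NAT and outside ACL discussed above, with the permit narrowed to the single vendor source and TCP/1433, followed by the packet tracer check suggested earlier. Assumptions: `<server-public-ip>` is a placeholder for the server's shared public address (not given in the thread), the object names and the source port 50000 are constructed, and on an FMC-managed FTD the same intent is entered as a NAT policy rule and an access control policy rule rather than typed as CLI.

```text
! Constructed sketch, ASA-style syntax. <server-public-ip> is a placeholder.
object network SQL-srv
 host 10.x.x.126
object network SQL-srv-public
 host <server-public-ip>
object service TCP1433
 service tcp source eq 1433
!
! Static port translation: only TCP/1433 on the public address maps to the server.
nat (inside,outside) source static SQL-srv SQL-srv-public service TCP1433 TCP1433
!
! Broad form: every IP protocol and port from the vendor address is permitted.
! access-list out-in extended permit ip host 200.x.x.9 host 10.x.x.126
!
! Narrow form: one source, one destination, one port.
! The ACL references the server's real (private) address.
access-list out-in extended permit tcp host 200.x.x.9 host 10.x.x.126 eq 1433
access-group out-in in interface outside
!
! Simulate the vendor's connection arriving on the outside interface.
packet-tracer input outside tcp 200.x.x.9 50000 <server-public-ip> 1433 detailed
```

Read the packet tracer result phase by phase to see which stage drops the flow. A prefilter policy is evaluated before the access control policy, so a prefilter block stops the connection even when the NAT rule and ACP rule are correct, which is what this thread turned out to be.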