I am new to Cisco Firepower FDM firewalls and not very familiar with port forwarding from outside networks. I am trying to allow specific outside IPs to be routed to a specific inside server. I have tried to set up port forwarding, and the outside IPs do get to our network, but only to our internal web server and not the intended server. If you have any suggestions, please let me know! I have attached a basic topology of what I am trying to accomplish.
I have a Firepower 1120 firewall. I set up the NAT policy as suggested in the link that you sent, but I don't think that it is working and is getting passed. They are able to get connected to our network, but they are getting to our web server and not the intended server. I did set up an Access Rule as well that should direct the outside ports from the outside network to the specific inside IP, and it is also getting no hits. I moved the NAT policy up to the top of the list and it is still the same result.
They are able to get connected to our network but they are getting to our web server and not the intended server.
Explain more here: what is that web server? We need more information here in terms of IP addresses (outside and inside) and ports.
What web server IP is reachable from outside?
What is the intended server's IP address and port?
Is the intended server's port working internally and open?
Still, we have limited information here; to clarify:
The Exchange IP is 192.168.0.6 - this is working (YES/NO) - is this supposed to work as part of this setup?
The intended IP is 192.168.0.234 - check the difference between the above IP address and this address?
Do you have NAT inside to outside?
Are you able to see the logs of the requests coming to the FW? (since you know the outside source IP)
Do you have a dedicated static IP which you are using for NAT outside to inside? Or are you using the same IP address as the outside interface IP address?
Also, check the logs; they give you more information on why it was not working.
Yes, the Exchange 192.168.0.6 is working, and it is not a part of this setup.
The NAT is set up as inside / outside. A Cisco tech had suggested setting it up as outside / inside, but when I did, it showed the 192.168.0.234 server as a duplicate IP on the network.
The last logs I looked at showed that it was using the any / any NAT policy that was set up by the tech who did the firewall, which is at the bottom of the NAT list. The only other NAT policy is the policy of inside / outside Exchange IP to any interface.
When doing the NAT for the setup to 192.168.0.234 from the outside IP, I put in the specific outside IP address and port.
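The two points the thread keeps circling back to are rule order (the new rule was moved to the top) and rule direction (inside / outside versus outside / inside). The following is an added illustration, not part of this thread and not Cisco's code: a small Python model of how a first-match static NAT table untranslates an inbound connection. The inside addresses 192.168.0.234 and 192.168.0.6 come from the thread; the outside address 203.0.113.10, the partner source 198.51.100.7, port 8443, the rule names and the broad all-ports Exchange rule are constructed assumptions for the demo, not the poster's actual configuration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Toy model of static (twice) NAT evaluation: rules are checked top to bottom,
# first match wins. This is a simplified teaching model, not FTD's implementation.


@dataclass
class NatRule:
    name: str
    real_iface: str             # interface where the real (untranslated) host lives, e.g. "inside"
    mapped_iface: str           # interface where the mapped address is seen, e.g. "outside"
    real_ip: str
    mapped_ip: str
    real_port: Optional[int] = None    # None = all ports
    mapped_port: Optional[int] = None
    static: bool = True                # static rules are bidirectional; dynamic PAT is outbound-only


@dataclass
class Packet:
    in_iface: str
    src: str
    dst: str
    dport: int


def inbound_match(rule: NatRule, pkt: Packet) -> Optional[Tuple[str, int]]:
    """Return (real_ip, real_port) if this rule untranslates pkt's destination, else None."""
    if not rule.static:
        return None                       # dynamic PAT never creates an inbound translation
    if pkt.in_iface != rule.mapped_iface:
        return None                       # rule written the wrong way round: mapped side is not where the packet arrived
    if pkt.dst != rule.mapped_ip:
        return None
    if rule.mapped_port is not None and pkt.dport != rule.mapped_port:
        return None
    real_port = rule.real_port if rule.real_port is not None else pkt.dport
    return rule.real_ip, real_port


def resolve_inbound(rules: List[NatRule], pkt: Packet) -> Tuple[str, Tuple[str, int]]:
    """Walk the table in order; the first matching rule decides where the packet goes."""
    for rule in rules:
        hit = inbound_match(rule, pkt)
        if hit is not None:
            return rule.name, hit
    return "no-match", (pkt.dst, pkt.dport)


OUTSIDE_IP = "203.0.113.10"   # constructed stand-in for the firewall's outside address

# Port-specific static rule, written inside (real) -> outside (mapped), as the thread ends up doing.
port_forward = NatRule("app-8443-to-234", "inside", "outside",
                       "192.168.0.234", OUTSIDE_IP, real_port=8443, mapped_port=8443)
# Constructed broad rule: one inside host mapped to the whole outside address on every port.
exchange_all_ports = NatRule("exchange-static", "inside", "outside",
                             "192.168.0.6", OUTSIDE_IP)
# Same port forward but with the interfaces swapped (outside / inside), as the tech suggested.
wrong_direction = NatRule("app-8443-wrong-way", "outside", "inside",
                          "192.168.0.234", OUTSIDE_IP, real_port=8443, mapped_port=8443)
# The usual any / any dynamic PAT at the bottom of the list.
default_pat = NatRule("any-any-pat", "inside", "outside", "any", OUTSIDE_IP, static=False)

# Constructed inbound connection from the partner network to the outside address on 8443.
inbound = Packet("outside", "198.51.100.7", OUTSIDE_IP, 8443)


def demo():
    """Same packet, three tables: correct order, shadowed by a broad rule, and wrong direction."""
    good = resolve_inbound([port_forward, exchange_all_ports, default_pat], inbound)
    shadowed = resolve_inbound([exchange_all_ports, port_forward, default_pat], inbound)
    reversed_dir = resolve_inbound([wrong_direction, default_pat], inbound)
    return good, shadowed, reversed_dir


if __name__ == "__main__":
    for label, result in zip(("correct order", "shadowed", "wrong direction"), demo()):
        print(f"{label:16} -> {result}")
```

The model shows why "move it to the top" and "which interface is real, which is mapped" matter independently: a port-specific rule placed below a broader rule for the same outside address never gets a chance to match, and a rule whose real interface is "outside" tells the firewall that 192.168.0.234 lives outside, which in the model means inbound packets simply fall through to no translation.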