Cisco Support Community
Community Member

FWSM : Conditional NAT and route to OUTSIDE

Hi All,

I have a requirement wherein when a particular machine accesses certain IPs it should be routed to the INSIDE, and when it accesses any other IPs it should be NATed and sent to the Internet. This machine is in a dmz which has a network of The network that connects to the INSIDE is /24. When this machine accesses /16 on the MSFC or another dmz of it should not be NATed, and when it accesses anything else it should be NATed to a public IP address and sent towards the Internet router.

I am concerned about the NATing and routing towards the Internet. Can that be done as follows:

nat (dmz1) 1 access-list INTERNET
global (OUTSIDE) 1 <public-ip>
access-list INTERNET extended deny ip host any
access-list INTERNET extended deny ip host any
access-list INTERNET extended permit ip host any

When traffic comes to the FWSM from and heads towards or , I don't want it to be NATed and sent to the Internet, but all other traffic from should be NATed to <public-ip> and sent to the Internet. For this, will the above access-list, nat and global work?

Thanks in advance
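A worked FWSM configuration for the setup the post describes, added here as an illustration; it is not taken from the thread or from Cisco documentation. Every address is a constructed placeholder (the public address is from the RFC 5737 documentation range), and only the interface names dmz1, INSIDE and OUTSIDE come from the post. Instead of relying on deny entries inside the policy-NAT access list, it pairs a NAT exemption rule (nat 0 access-list) for the internal destinations with the policy-NAT rule for everything else, because the FWSM consults NAT exemption before any dynamic or policy NAT rule.

```cisco
! Added example, not from the original thread. Constructed placeholder addressing:
!   dmz1 host that needs conditional NAT   : 10.1.1.50        (assumed)
!   INSIDE connected /24, MSFC address     : 192.168.10.0/24, 192.168.10.1 (assumed)
!   network behind the MSFC (the "/16")    : 10.2.0.0/16      (assumed)
!   other DMZ, directly connected on dmz2  : 10.3.3.0/24      (assumed)
!   public address used on OUTSIDE         : 203.0.113.10     (RFC 5737 range)
!   Internet router on OUTSIDE             : 198.51.100.1     (RFC 5737 range)

! 1. Destinations that must stay untranslated. NAT exemption is evaluated before
!    dynamic/policy NAT, so these matches win over the INTERNET rule below.
access-list NONAT extended permit ip host 10.1.1.50 10.2.0.0 255.255.0.0
access-list NONAT extended permit ip host 10.1.1.50 10.3.3.0 255.255.255.0
nat (dmz1) 0 access-list NONAT

! 2. Everything else sourced by the host is translated to the public address
!    when it leaves through OUTSIDE.
access-list INTERNET extended permit ip host 10.1.1.50 any
nat (dmz1) 1 access-list INTERNET
global (OUTSIDE) 1 203.0.113.10

! 3. Routing: the /16 behind the MSFC goes out INSIDE via the MSFC; the other DMZ
!    is directly connected on dmz2 and needs no route; all else follows the
!    default route to the Internet router on OUTSIDE.
route INSIDE 10.2.0.0 255.255.0.0 192.168.10.1
route OUTSIDE 0.0.0.0 0.0.0.0 198.51.100.1
```

After applying it, generate traffic from the host to an internal destination and to an Internet destination and compare `show xlate`: only the Internet-bound flow should produce a translation to 203.0.113.10. The practical caveat is that any internal prefix added later must also get an ACE in NONAT; otherwise traffic to it matches INTERNET, is translated, and is sent along the default route instead of toward the MSFC.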
