FWSM: Conditional NAT and route to OUTSIDE

Hi All,

I have a requirement wherein when a particular machine accesses certain IPs it should be routed to the INSIDE, and when it accesses any other IPs it should be NATed and sent to the Internet. This machine is in a DMZ which has a network of 172.23.0.0/24. The network that connects to the INSIDE is 172.18.0.0/24. When this machine accesses 192.168.0.0/16 on the MSFC or another DMZ of 172.17.0.0/16 it should not be NATed, and when it accesses anything else it should be NATed to a public IP address and sent towards the Internet router.

I am concerned about the NATing and routing towards the Internet. Can that be done as follows:

nat (dmz1) 1 access-list INTERNET
global (OUTSIDE) 1 <public-ip>
access-list INTERNET extended deny ip host 172.23.0.110 172.17.0.0 255.255.0.0
access-list INTERNET extended deny ip host 172.23.0.110 192.168.0.0 255.255.0.0
access-list INTERNET extended permit ip host 172.23.0.110 any

When traffic comes to the FWSM from 172.23.0.110 and heads towards 172.17.0.0 or 192.168.0.0, I don't want it to be NATed and sent to the Internet, but all other traffic from 172.23.0.110 should be NATed to <public-ip> and sent to the Internet. For this, will the above access-list, nat and global work?

Thanks in advance

Sonu
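As an added example (not from the post or from Cisco), the following Python script parses the policy NAT access-list above and evaluates sample flows against it with first-match semantics, so the intended split (internal destinations excluded, everything else matched for translation) can be checked before the configuration is applied. It assumes standard ASA/FWSM address syntax ("any", "host A", "A MASK") and treats a deny match or no match as "not translated by this nat/global pair"; the sample flows are constructed.

```python
import ipaddress

# Constructed copy of the ACL body from the post (interface/ACL names
# dropped, each entry reduced to "<action> ip <src> <dst>").
POLICY_NAT_ACL = [
    "deny ip host 172.23.0.110 172.17.0.0 255.255.0.0",
    "deny ip host 172.23.0.110 192.168.0.0 255.255.0.0",
    "permit ip host 172.23.0.110 any",
]


def _parse_addr(tokens):
    """Consume one ASA/FWSM address spec from the front of tokens."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)  # dotted subnet mask, e.g. 255.255.0.0
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)


def parse_acl(lines):
    """Return a list of (action, src_net, dst_net) tuples in ACL order."""
    rules = []
    for line in lines:
        tokens = line.split()
        action = tokens.pop(0)
        tokens.pop(0)  # protocol keyword ("ip"); only IP ACEs are used here
        src = _parse_addr(tokens)
        dst = _parse_addr(tokens)
        rules.append((action, src, dst))
    return rules


def would_translate(rules, src_ip, dst_ip):
    """True if the flow hits a permit ACE (NAT applies); False on a deny
    match or when no ACE matches. First matching ACE wins."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in rules:
        if s in src and d in dst:
            return action == "permit"
    return False


if __name__ == "__main__":
    rules = parse_acl(POLICY_NAT_ACL)
    for dst in ("172.17.5.5", "192.168.10.1", "198.51.100.7"):
        print(dst, "NAT" if would_translate(rules, "172.23.0.110", dst) else "no NAT")
```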
