Cisco Support Community
Community Member

NAT on firewall

Hi, I have done double NAT on the firewall so that people from outside cannot see my internal network and people from inside connect to a local IP address to access services outside.

static (inside,outside) 20.1.1.1 10.1.1.1 netmask 255.255.255.255

static (outside,inside) 192.168.1.1 192.168.2.1 netmask 255.255.255.255

Everything seems fine.

Now if a user that does not have a NAT translation, let's say 10.1.1.2, tries to communicate with another one on the other end, the logs on the other company's firewall see my internal IP as it is, because it does not have a translation.

How can I block any user that does not have a translation from passing from my firewall to the other firewall?

Teardown ICMP connection for faddr 20.1.1.1 gaddr 10.1.1.2 laddr 10.1.1.2

Thanks

2 REPLIES
Community Member

NAT on firewall

Hello firewall experts

Re: NAT on firewall

Hi,

You can enable nat-control. en > conf t > nat-control

By enabling nat-control, any flow from a higher security level (e.g. inside) to a lower security level (e.g. outside) will not be permitted if it is not sNATed.

This will affect all your flows.

Dan
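
An added example (not part of the thread, and not Cisco code): since the reply notes that nat-control affects all flows, this Python sketch lists the inside hosts that currently leave untranslated, i.e. whose log lines show gaddr equal to laddr, as in the line quoted in the question. The inside network 10.1.1.0/24 and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the faddr/gaddr/laddr triple in the format of the log line quoted
# in the question; an optional "/n" suffix after each address is tolerated.
FLOW_RE = re.compile(
    r"faddr (?P<faddr>[\d.]+)(?:/\d+)?\s+"
    r"gaddr (?P<gaddr>[\d.]+)(?:/\d+)?\s+"
    r"laddr (?P<laddr>[\d.]+)(?:/\d+)?"
)

def untranslated_hosts(lines, inside_net):
    """Count log lines per inside host whose global address equals its local address."""
    net = ipaddress.ip_network(inside_net)
    hits = Counter()
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a flow line in the expected format
        try:
            laddr = ipaddress.ip_address(m["laddr"])
            gaddr = ipaddress.ip_address(m["gaddr"])
        except ValueError:
            continue  # malformed address, skip rather than guess
        # gaddr == laddr means the host left the firewall with its real address.
        if laddr in net and gaddr == laddr:
            hits[str(laddr)] += 1
    return hits

# First line is the one quoted in the question; the rest are constructed samples.
SAMPLE_LOG = [
    "Teardown ICMP connection for faddr 20.1.1.1 gaddr 10.1.1.2 laddr 10.1.1.2",
    "Teardown ICMP connection for faddr 192.168.2.1 gaddr 20.1.1.1 laddr 10.1.1.1",
    "Teardown ICMP connection for faddr 192.168.2.1/0 gaddr 10.1.1.7/0 laddr 10.1.1.7/0",
    "Teardown ICMP connection for faddr 192.168.2.1 gaddr 10.1.1.2 laddr 10.1.1.2",
    "Teardown ICMP connection for faddr 192.168.2.1 gaddr 999.1.1.1 laddr 999.1.1.1",
    "unrelated log line without address fields",
]

INSIDE_NET = "10.1.1.0/24"  # assumed inside subnet, not stated in the thread

if __name__ == "__main__":
    for host, count in sorted(untranslated_hosts(SAMPLE_LOG, INSIDE_NET).items()):
        print(f"{host} left untranslated in {count} logged flow(s)")
```

Hosts it reports either need their own translation or will lose outbound access once nat-control is enabled.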
