Hello,
I have a situation where I can't grasp some things.
I have a Router Cisco ISR 1k connected P2P via /30 public subnet.
Behind the Router ISR 1k, I have a Cisco FTD (Firepower 3110) connected P2P on a /27 public subnet. I have used the first 2 public IPs on the router/firewall.
Q: Is it possible to use an IP from the remaining /27 subnet, to be exposed via a DNAT? For example, I want to connect to an unused IP from that /27 and be redirected to a resource inside.
I have another issue: when I try to ping the public interface of the firewall, even if I allowed ICMP in platform settings + added an ALLOW access policy, after taking a capture it looks like the traffic is not reaching the public IP of the firewall.
After seeing this behaviour and having in mind that I can ping the IP address of the Router ISR 1k interface that's connected on the /27 segment, I cannot explain it.
What am I missing here?
Thank you!