I require that the internal machine is able to access the internet; however, this is not happening, and when checking the traffic logs I can see that it is down to the NAT rule. However, I require this NAT rule in place, as this allows authentication servers to communicate with a server in the internal network.
My question is how can I get the internal IP to browse the internet without removing the NAT rule?
Please follow the example below. My internal network is "10.10.10.0/24"; as per the setup below, my internal network will have access to the internet, and if you want to allow any other network, all you have to do is add the other network address as the next entry in the "allownatout" ACL.
global (outside) 1 interface
nat (inside) 1 access-list allownatout
access-list allownatout extended permit ip 10.10.10.0 255.255.255.0 any
"internal network IP: 220.127.116.11 Natted to DMZ IP of 18.104.22.168"
The above two IPs of yours are public IPs; they are not internal private IPs.
"DMZ interface points to a fortigate firewall which is my external firewall"
"Therefore all traffic from the cisco pix on DMZ interface is indeed outside traffic, I have set my external firewall to accept all for now"
DMZ is a perimeter network segment and it is still considered to be an internal segment; however, your external firewall is connected to the DMZ interface of the PIX, and the DMZ perimeter segment has been treated like an outside to access the internet cloud.
It is very difficult to analyze and troubleshoot this network.