Skip to main content
hunght11
hunght11
New Member
July 29, 2020
Question

NAT Object 1-1 ASA TO FORTIGATE

  • July 29, 2020
  • 1 reply
  • 4408 views

Hi all

We have 1 configuration ASA with: 

object network DMZ_OUTSIDE nat (DMZ,OUTSIDE) static 172.17.26.191

we have change config from ASA to fotigate but it not ook . ( all policy from DMZ to ousite we enable NAT)

please help us

 

Thanks all

    1 reply

    lobstercreed
    lobstercreed
    New Member
    July 29, 2020

    I am really not sure what you're trying to do.  About all I got from that was "NAT", and NAT is clearly not enabled on the policy you screenshot, so that might be the issue.

    hunght11
    hunght11Author
    New Member
    August 4, 2020

    Hi @Iolstercreed 

    How do you change nat for ASA:

    object network DMZ_OUTSIDE nat (DMZ,OUTSIDE) static 172.17.26.191

    to fotigate.

    Please help we 

    poundy
    poundy
    New Member
    August 12, 2020

    I also don't understand what you're trying to achieve.  I also don't understand what your testing of that NAT showed - perhaps you could clarify what you did to test it and what did or did not happen, and what debugging you've done for yourself? 

     

    However one thing that I have found in my own NAT scenario on FGT is that your interface IP addresses becomes important; unless one side of your NAT is within an IP range of an interface, the traffic won't be picked up by the NAT and forwarded; so if your interfaces don't have an address in the 172.17.26.0/24 address space, they won't work.  

     

    Not sure if your scenario is like mine or not, here's the definition that I use (clearly this is port-forwarding that you don't use):

     

    edit "VPRT_80" set extip 192.168.0.11 set extintf "any" set portforward enable set mappedip "<internet IP addr>" set extport 80 set mappedport 10080 next

    Terms & ConditionsAccessibility statement