Dear Team,
In our environment we are going to deploy a Cisco Expressway and E setup with a single NIC.
So I want the NAT translation below.
Can you please help us write a rule for the requirement below?
| | Source Original | Destination Original | Source Translated | Destination Translated |
|---|---|---|---|---|
| | 10.10.10.8 | 2.2.2.2 | 1.1.1.1 | 10.10.10.9 |
| Return | 10.10.10.9 | 1.1.1.1 | 2.2.2.2 | 10.10.10.8 |
Actually, we normally do destination NAT by VIP and source NAT by enabling NAT in the policy.
This requirement has both NATs, so I need to know how to write a policy with source and destination NAT.
Please let us know.
Find the reference at the URL below:
https://ciscokoolaid.wordpress.com/2016/08/05/expressway-single-nic-asa-nat-reflection/
Regards,
Harmesh Yadav
Hi Harmesh,
Please configure a Virtual IP for Cisco-Express-E with the public IP, keeping the external interface as any.
Add a policy from your Cisco-Express-C to the Cisco-Express-E server with source as Cisco-Express-C, destination as VIP (Cisco-Express-E), and service as per suggestion. (This policy will be from same interface to same interface, which can also be called hairpin NAT.)
And then configure a policy from outside to inside for accessing Express-E services from outside.
Hope this will resolve your issue.
Thanking you.
Regards,
Nikhil Chaudhari
FWIW, since this is an FTNT forum: yes, you can do SNAT/DNAT in the same policy-id also.
Ken Felix
PCNSE
NSE
StrongSwan
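Source and destination NAT in one hairpin policy, as described in the replies above, written out as FortiOS CLI. This is an added example and not part of any post in the thread; the object names and the interface name "port1" are assumptions, and the addresses are read from the table in the first post (VIP 2.2.2.2 to 10.10.10.9, source pool 1.1.1.1).

```fortios
# Added example. Object names and "port1" are assumptions, not from the thread.
# Addresses follow the translation table in the first post.

# Original source host.
config firewall address
    edit "Expressway-src"
        set subnet 10.10.10.8 255.255.255.255
    next
end

# Destination NAT: 2.2.2.2 -> 10.10.10.9, external interface "any" as suggested above.
config firewall vip
    edit "Expressway-VIP"
        set extip 2.2.2.2
        set extintf "any"
        set mappedip 10.10.10.9
    next
end

# Source NAT: 10.10.10.8 -> 1.1.1.1 through a single-address IP pool.
config firewall ippool
    edit "Expressway-SNAT"
        set startip 1.1.1.1
        set endip 1.1.1.1
    next
end

# Hairpin policy: same interface in and out, VIP as destination, pool as source NAT.
# Replies (the "Return" row) are reverse-translated by the session table.
# "ALL" is a stand-in: limit the service to the ports the deployment needs.
# With "set nat disable" only the VIP's destination translation is applied.
config firewall policy
    edit 0
        set srcintf "port1"
        set dstintf "port1"
        set srcaddr "Expressway-src"
        set dstaddr "Expressway-VIP"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "Expressway-SNAT"
    next
end
```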
When I am doing a hairpin NAT policy, it will automatically do source NAT.
My requirement is:
Source 10.10.10.8 should reach the public IP of 10.10.10.9 (1.1.1.1).
When the packet is going to 1.1.1.1, it will be translated with the gateway IP of 10.10.10.1 - gateway IP of 10.10.10.8
Dear Team,
When we are doing Hairpin NAT
Our customer has a FortiGate installed with firmware version 5.2.2.
We need communication between local IP 10.10.10.8 --> PUB IP 1.1.1.1 (10.10.10.9 - local IP).
When 10.10.10.8 is going to communicate with 1.1.1.1, it will change the source to its gateway IP address.
We don't want source NAT; we need it to talk directly with the PUB IP, from 10.10.10.8 to 1.1.1.1.
How can we do it?
Disable NAT on the firewall policy which allows this.
You can also put the VIP which does the translation in an interface-to-same-interface policy.