SEC0242 - FTD 6.1 Network Address Translation (NAT) (Part 1)

The video runs through various NAT scenarios on Cisco FTD 6.1. We will go over the structure of the NAT policy and cover the majority of common NAT use cases, including static NAT, dynamic NAT, PAT, and Identity NAT, using both Twice NAT and Object NAT. We will also configure NAT64 to allow internet access for the IPv6 environment we configured in the previous video.

Part 1 of this video covers NAT policy and static NAT.
 
Topic:
  • Null Route
  • Interface Group
  • NAT Policy
  • Static NAT
    • Host-to-Host
    • Subnet-to-Subnet
  • Static PAT
  • Dynamic NAT
  • Dynamic PAT
  • PAT Pool
  • Destination NAT
  • Identity NAT
  • NAT64

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

7 comments

NAT intro in this video is interesting. We work with FTD 1010s and we don't use NAT configuration, only the access control policy and we require static NAT. Is NAT really not required in 6.6.+? Things are working well without NAT so I'm not sure what's going on here.

By default there is no NAT. Unless you have a match-all rule at the bottom of the NAT table, traffic that does not match one of the NAT rules will not be NATed. This is always the behavior on FTD.

Hi there,
I saw your SEC0242 videos, and so far I have learned a few interesting things. I'm implementing port forwarding on FMC but I have been unable to do it.

I have a "ISP Modem", then a "Cisco Router 4431", then a "Cisco Firewall 1120", then the servers, from Modem I did port forwarding to Router, then from Router did port forwarding to Firewall, which is working, but when I try to do port forwarding from Firewall to server 192.168.150.46 the issue appears.

These are my interfaces: https://imgur.com/a/07xV54B
This is my NAT Policy: https://imgur.com/a/anz8aQv
And this is my Access Control Policy: https://imgur.com/a/pX6cvQA

Any ideas why this is happening? Thank you a lot for all your time!

Assuming the ISP modem is a true modem and not a router, the public IP would be on the router and this is where you should perform port forwarding from public IP to the true server private IP. The FW at this point should only route with no NAT. Try to avoid multiple port-forwarding if you can.

It works, thank you so much.

Just got a Firepower1140 coming from ASA, this video was extremely helpful, thank you!

Thank you Derrick for your feedback.