autonat = object net
manual nat = twice NAT
In the example below we want to give a DMZ server an public IP
On ASA you can write NAT's on CLI
In FTD this is not possible
1 - Go to Objects -> Object Management
Create
INSIDE IP object
PUBLIC IP as object
2 - Go to Devices -> NAT
Edit the policy for the device you are working on
Add NAT rule
Choose Manual NAT rule
Insert into NAT rule before
Type: Static
Interface
Source: DMZ
Destination: OUTSIDE
Translation
Original Source: Select inside IP object
Translated Source: Select outside IP object
PAT pool
Leave unchecked
Advanced
Uncheck unidirectional
check Do no proxy ARP on destination interface
No comments:
Post a Comment