Communication between same security levels

Collin Clark Thu, 02/08/2007 - 10:12

I am unfamiliar with the FWSM, but in PIX/ASA you can use the following command:

same-security-traffic permit inter-interface

daviddtran Thu, 02/08/2007 - 11:30

What you said is true only for version 7.2(1) or higher. If your version on the PIX/ASA is not 7.2(1) or higher, this will only work for IPSec traffic.

In FWSM, version 3.1(3) does not have this feature because FWSM code is always behind PIX/ASA code.

Jon Marshall Thu, 02/08/2007 - 22:45


Actually, the FWSM v2.3 supports this command, as does 3.1. From one of our FWSMs:

SZ-JFH-F00-DTE-FW1/dev-ct# conf t

SZ-JFH-F00-DTE-FW1/dev-ct(config)# same ?

Usage: [no] same-security-traffic permit inter-interface

[no] same-security-traffic permit intra-interface

show same-security-traffic

SZ-JFH-F00-DTE-FW1/dev-ct(config)# sh ver

FWSM Firewall Version 2.3(2)

FWSM Device Manager Version 4.1(1)

Compiled on Wed 06-Apr-05 13:08 by dalecki

SZ-JFH-F00-DTE-FW1 up 37 days 16 hours

Configuration last modified by enable_15 at 06:34:12 Feb 09 2007


Whilst it's generally true that FWSM v2.x equates to PIX v6.x and FWSM v3.x equates to v7.x, the FWSM code is not just a replica of the PIX equivalent.
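
An added example, not written by any poster in this thread: a Python check that reads a firewall configuration, groups named interfaces by security level, and reports whether same-security-traffic permit inter-interface is present for the levels that are shared. Both sample configurations and all interface names are constructed; the parser assumes the 7.x interface-block syntax (nameif / security-level) and the older one-line "nameif <hw> <name> security<N>" form.

```python
import re
from collections import defaultdict

# Constructed sample in PIX/ASA 7.x interface-block syntax (not from the thread).
SAMPLE_7X = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif dmz1
 security-level 50
interface Ethernet0/2
 nameif dmz2
 security-level 50
same-security-traffic permit inter-interface
"""

# Constructed sample in the older one-line nameif form, without the command.
SAMPLE_ONELINE = """\
nameif vlan10 outside security0
nameif vlan20 app1 security80
nameif vlan30 app2 security80
"""

def audit_same_security(config):
    """Return (inter_interface_permitted, {level: [names]}) for shared levels."""
    levels = defaultdict(list)
    pending = None          # nameif seen, waiting for its security-level line
    permitted = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            pending = None  # new interface block: drop any unmatched nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            pending = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and pending:
            levels[int(m.group(1))].append(pending)
            pending = None
        elif m := re.fullmatch(r"nameif \S+ (\S+) security(\d+)", line):
            levels[int(m.group(2))].append(m.group(1))
        elif line == "same-security-traffic permit inter-interface":
            permitted = True
    shared = {lvl: names for lvl, names in levels.items() if len(names) > 1}
    return permitted, shared

if __name__ == "__main__":
    for label, cfg in (("7.x", SAMPLE_7X), ("one-line", SAMPLE_ONELINE)):
        permitted, shared = audit_same_security(cfg)
        state = "present" if permitted else "absent"
        for level, names in sorted(shared.items()):
            print(f"{label}: level {level} shared by {', '.join(names)}; inter-interface permit {state}")
```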




