09-06-2007 05:11 PM - edited 03-09-2019 06:46 PM
Hello,
We want to group different vlans into the same level of security. Then want to have different groups talking to each other without (if not at all) using a lot of static mappings.
Example:
! Group one with security 20
nameif vlan11 A security20
nameif vlan12 B security20
nameif vlan13 D security20
! Group 2 with security 30
nameif vlan14 E security30
nameif vlan15 F security30
nameif vlan16 G security30
same-security-traffic permit inter-interface
static (E,A) 10.10.14.0 10.10.14.0 netmask 255.255.255.0
static (E,B) 10.10.14.0 10.10.14.0 netmask 255.255.255.0
static (E,C) 10.10.14.0 10.10.14.0 netmask 255.255.255.0
static (F,A) 10.10.15.0 10.10.15.0 netmask 255.255.255.0
static (F,B) 10.10.15.0 10.10.15.0 netmask 255.255.255.0
static (F,C) 10.10.15.0 10.10.15.0 netmask 255.255.255.0
static (G,A) 10.10.16.0 10.10.16.0 netmask 255.255.255.0
static (G,B) 10.10.16.0 10.10.16.0 netmask 255.255.255.0
static (G,C) 10.10.16.0 10.10.16.0 netmask 255.255.255.0
Is there a way/workaround to do the job without using this many static mappings? Another word, is there a shorter way to allow traffic flowing freely between security20 and 30 without using all those 9 static mappings?
Thank you very much in advance,
Binh
09-09-2007 03:02 PM
I'm not sure but you can try "no nat-control"
09-10-2007 09:19 AM
We're using version 2.3(3). "nat-control" is not available. -Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide