FWSM-Same Security Traffic Permit

binhkdinh · ‎09-06-2007

Hello,

We want to group different vlans into the same level of security. Then want to have different groups talking to each other without (if not at all) using a lot of static mappings.

Example:

! Group one with security 20

nameif vlan11 A security20

nameif vlan12 B security20

nameif vlan13 D security20

! Group 2 with security 30

nameif vlan14 E security30

nameif vlan15 F security30

nameif vlan16 G security30

same-security-traffic permit inter-interface

static (E,A) 10.10.14.0 10.10.14.0 netmask 255.255.255.0

static (E,B) 10.10.14.0 10.10.14.0 netmask 255.255.255.0

static (E,C) 10.10.14.0 10.10.14.0 netmask 255.255.255.0

static (F,A) 10.10.15.0 10.10.15.0 netmask 255.255.255.0

static (F,B) 10.10.15.0 10.10.15.0 netmask 255.255.255.0

static (F,C) 10.10.15.0 10.10.15.0 netmask 255.255.255.0

static (G,A) 10.10.16.0 10.10.16.0 netmask 255.255.255.0

static (G,B) 10.10.16.0 10.10.16.0 netmask 255.255.255.0

static (G,C) 10.10.16.0 10.10.16.0 netmask 255.255.255.0

Is there a way/workaround to do the job without using this many static mappings? Another word, is there a shorter way to allow traffic flowing freely between security20 and 30 without using all those 9 static mappings?

Thank you very much in advance,

Binh

a.alekseev · ‎09-09-2007

I'm not sure but you can try "no nat-control"

binhkdinh · ‎09-10-2007

We're using version 2.3(3). "nat-control" is not available. -Thanks.