11-29-2007 07:46 AM - edited 03-11-2019 04:37 AM
I'm testing equal security (80, 80) on internet facing and intranet facing interfaces.
I can originate traffic on the intranet side and receive the return traffic from the internet side.
However, I'm not able to receive traffic when it is originated on the internet side.
May I have some advice on this please?
Info:
-----
FWSM Firewall Version 2.3(4)
FWSM Device Manager Version 4.1(3)
Config Abstracts:
----------------
FWSM#
!
!
nameif vlan2047 mgmt security90
nameif vlan4094 outbound security80 !!----------facing internet
nameif vlan4047 inbound security80 !!----------facing intranet
!
ip address mgmt 10.220.251.4 255.255.255.0
ip address outbound 10.192.3.50 255.255.255.240
ip address inbound 172.16.1.10 255.255.255.252
!
!
ftp mode passive
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
!
!
11-29-2007 11:07 AM
I forgot, but there is a command to permit traffic between same security levels. Can you try that? same-security-traffic permit inter-interface. You may also try nat-control. Also, you need to permit on the inside interface (FWSM is different from PIX).
Satya
11-30-2007 01:41 AM
"same-security-traffic permit inter-interface"
The above command is already in place (I should have included this before). I need to look into nat-control to see how this will fit in a situation without a NATing requirement.
I also want to know if the choice of context and system may make the difference for same-security-level. Please also view the o/p regarding context (Shows context as system) and.
FWSM# show resource usage
Resource         Current   Peak    Limit      Denied   Context
SSH              1         2       5          0        System
Conns            3151      83760   unlimited  0        System
Xlates           7415      26399   unlimited  0        System
Hosts            7415      26399   unlimited  0        System
Conns [rate]     186       9114    unlimited  0        System
Fixups [rate]    40        8840    unlimited  0        System
BS-6506-FWSM#