02-10-2008 11:13 PM - edited 03-12-2019 05:57 PM
Hello:
I am in the process of configuring FWSM and want to have 3 inside interfaces and one outside. The security levels for these interfaces are as follows:
Outside - 0
Inside_1 - 80
Inside_2 - 70
Inside_3 - 60
But I don't want to perform NAT on any of them. Is this possible (or do I have to set up the same security levels for these interfaces to perform no NAT)?
Thanks in advance.........
02-11-2008 02:22 AM
Hey,
You don't have to use NAT if you don't want to and the security levels don't have to be the same to achieve this. You will need to use the NAT 0 command though for each and statics to allow communication from lower to higher security-level.
I hope that helps.
Anthony
02-11-2008 05:13 AM
With FWSM version 3.x or higher, the blade, by default, will route traffic so you do NOT have to do anything. You still need an ACL to go from low to high but NOT from high to low.
If you still use FWSM version 2.x, you still NEED to perform no NAT to go from high to low.
CCIE security
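A configuration sketch of the approach described in the replies above, for the four interfaces in the question. This is an added example, not taken from any poster: the VLAN IDs, subnets, the host 10.1.80.10 and the ACL name OUTSIDE_IN are constructed for illustration.

```cisco
! Added example. VLAN IDs, addresses and ACL names are constructed.
interface Vlan100
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
interface Vlan80
 nameif Inside_1
 security-level 80
 ip address 10.1.80.1 255.255.255.0
interface Vlan70
 nameif Inside_2
 security-level 70
 ip address 10.1.70.1 255.255.255.0
interface Vlan60
 nameif Inside_3
 security-level 60
 ip address 10.1.60.1 255.255.255.0
!
! Identity NAT (nat 0) on each inside interface: traffic leaving toward a
! lower security level keeps its real source address.
nat (Inside_1) 0 10.1.80.0 255.255.255.0
nat (Inside_2) 0 10.1.70.0 255.255.255.0
nat (Inside_3) 0 10.1.60.0 255.255.255.0
!
! Identity statics: each subnet is presented on every lower-security
! interface under its own address, so lower-to-higher connections can be
! made without translation.
static (Inside_1,Inside_2) 10.1.80.0 10.1.80.0 netmask 255.255.255.0
static (Inside_1,Inside_3) 10.1.80.0 10.1.80.0 netmask 255.255.255.0
static (Inside_1,outside) 10.1.80.0 10.1.80.0 netmask 255.255.255.0
static (Inside_2,Inside_3) 10.1.70.0 10.1.70.0 netmask 255.255.255.0
static (Inside_2,outside) 10.1.70.0 10.1.70.0 netmask 255.255.255.0
static (Inside_3,outside) 10.1.60.0 10.1.60.0 netmask 255.255.255.0
!
! Lower-to-higher traffic still has to be permitted by an ACL. Permit only
! the specific host and port that must be reachable, not the whole subnet.
access-list OUTSIDE_IN extended permit tcp any host 10.1.80.10 eq 443
access-group OUTSIDE_IN in interface outside
```

The identity statics only make the addresses reachable without translation; what is actually exposed to lower-security interfaces is decided by the ACL entries, so those are the lines to review.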