Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
294
Views
0
Helpful
1
Replies

Understand NAT and access rule in FWSM on 6500

Go to solution
acotelcom
Level 1
Level 1

‎09-04-2008 03:52 AM - edited ‎03-11-2019 06:39 AM

The first of all, thanks in advance.

We are making a new architecture with FWSM on 6500 and we have problems with the access trought it.

I know the Cisco PIX, and work with it, and I don't know if this is true or i have a big mistake or is different in FWSM, but it don't work properly:

I don't know if this is true or i have a big mistake, but it don't work properly.

INSIDE Level 100 OUTSIDE Level 0

Host A -------------------------------------------------------- Host 1

/ /

/ /

/ /

/ FW PIX /

/ /

/ /

Host B -------------------------------------------------------- Host 2

Two case:

Host A to Host 1 ==> Only need a NAT rule to connect to any in outside.

Host 2 to Host B ==> Need a ACL rule from outside to inside, and a NAT rule to Host B from inside to outside

What is the problem?

If you need, i could paste a config...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-04-2008 06:05 AM

The FWSM is slightly different than the standalone pix. You need access-lists on all interfaces for traffic to be allowed so unlike a standalone pix where traffic is allowed from the inside to the outside without an access-list on the FWSM you need to have an access-list on the inside interface allowing the traffic, regardless of the security level.

Jon

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-04-2008 06:05 AM

The FWSM is slightly different than the standalone pix. You need access-lists on all interfaces for traffic to be allowed so unlike a standalone pix where traffic is allowed from the inside to the outside without an access-list on the FWSM you need to have an access-list on the inside interface allowing the traffic, regardless of the security level.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card