FWSM - Statics between same security interfaces necessary?

Answered Question
Jan 14th, 2009

I will have to implement a change which involves switching a single mode FWSM to multi mode.

Currently i have everything configured based on NAT0/NAT exemption which is going to be converted into static statements when doing the mode multi switch.

The only thing i am currently not sure about is if i need a static for same security level interfaces. Yes i know you only do statics from high to low interfaces but i just wanted to make sure that i don't have to prepare 4 pages of static rules before initiating the change.

Same security interfaces - static necessary? Please say NO. :)

Thanks for reading

Roble

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 10 months ago

Roble

"Please say NO. :)"

Okay then, no you don't need statics :-). See attached link for confirmation -

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/cfgnat_f.html#wp1042673

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Roble Mumin Thu, 01/15/2009 - 06:14

Hi Jon,

that was exactly what i was looking for. Thanks for pointing that out.

Roble

Actions

This Discussion