FWSM - Statics between same security interfaces necessary?

Answered Question
Jan 14th, 2009
User Badges:
  • Bronze, 100 points or more

I will have to implement a change which involves switching a single mode FWSM to multi mode.


Currently i have everything configured based on NAT0/NAT exemption which is going to be converted into static statements when doing the mode multi switch.


The only thing i am currently not sure about is if i need a static for same security level interfaces. Yes i know you only do statics from high to low interfaces but i just wanted to make sure that i don't have to prepare 4 pages of static rules before initiating the change.


Same security interfaces - static necessary? Please say NO. :)


Thanks for reading


Roble

Correct Answer by Jon Marshall about 8 years 3 months ago

Roble


"Please say NO. :)"


Okay then, no you don't need statics :-). See attached link for confirmation -


http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/cfgnat_f.html#wp1042673


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Roble Mumin Thu, 01/15/2009 - 06:14
User Badges:
  • Bronze, 100 points or more

Hi Jon,


that was exactly what i was looking for. Thanks for pointing that out.


Roble

Actions

This Discussion