Solved: FWSM - Statics between same security interfaces necessary?

Roble Mumin · ‎01-14-2009

I will have to implement a change which involves switching a single mode FWSM to multi mode.

Currently i have everything configured based on NAT0/NAT exemption which is going to be converted into static statements when doing the mode multi switch.

The only thing i am currently not sure about is if i need a static for same security level interfaces. Yes i know you only do statics from high to low interfaces but i just wanted to make sure that i don't have to prepare 4 pages of static rules before initiating the change.

Same security interfaces - static necessary? Please say NO. :)

Thanks for reading

Roble

Jon Marshall · ‎01-15-2009

Roble

"Please say NO. :)"

Okay then, no you don't need statics :-). See attached link for confirmation -

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/cfgnat_f.html#wp1042673

Jon

View solution in original post

Jon Marshall · ‎01-15-2009

Roble

"Please say NO. :)"

Okay then, no you don't need statics :-). See attached link for confirmation -

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/cfgnat_f.html#wp1042673

Jon

Roble Mumin · ‎01-15-2009

Hi Jon,

that was exactly what i was looking for. Thanks for pointing that out.

Roble