Hi, I have a 6509-E chassis with a FWSM [FWSM Firewall Version 3.2(5)] and I have enabled NAT control. In the configuration file there are the following commands:
nat (inside) 1 10.10.0.0 255.255.0.0 tcp 0 300
nat (inside) 5 10.10.10.5 255.255.255.255 tcp 0 300
global (dmz1) 1 192.168.4.10
global (dmz2) 5 192.168.6.10
Whenever a host from the 10.10.0.0 inside network tries to pass to the dmz1 interface, the FWSM builds a translation slot based on the global (dmz1) entry. Whenever the host 10.10.10.5 from the inside network tries to pass to the dmz2 interface, the FWSM builds a translation slot based on the global (dmz2) entry.
However, when the same host 10.10.10.5 tries to pass to the dmz1 interface, the FWSM does not build a translation slot based on the global (dmz1) entry and produces the following log message:
Mar 02 11:14:03 172.16.14.2 %FWSM-3-305006: regular translation creation failed for tcp src inside:10.10.10.5/28742 dst dmz1:192.168.4.100/80
Am I missing something, or is this behavior normal? When I configure a second entry for this host, global (dmz1) 5 192.168.4.11, the traffic passes through without any problem. Can someone tell me if this behavior is normal, because I think that on PIX or ASA this phenomenon does not happen.
Thanks in advance!!!
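
An added example, not part of the original post and not Cisco code: a Python check that models the behavior reported above, assuming the most specific nat rule for a source is selected and only a global with that same NAT ID on the egress interface is used. The function names and parser are hypothetical; the sample config is the four statements quoted in the post.

```python
import ipaddress
import re

# Constructed sample: the four statements quoted in the post.
CONFIG = """\
nat (inside) 1 10.10.0.0 255.255.0.0 tcp 0 300
nat (inside) 5 10.10.10.5 255.255.255.255 tcp 0 300
global (dmz1) 1 192.168.4.10
global (dmz2) 5 192.168.6.10
"""
NAT_RE = re.compile(r"^\s*nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^\s*global \((\S+)\) (\d+) (\S+)")

def parse(config):
    """Return (nat_rules, pools) parsed from nat/global statements."""
    nats, pools = [], {}
    for line in config.splitlines():
        if (m := NAT_RE.match(line)):
            ifc, nat_id, addr, mask = m.groups()
            # "nat (ifc) N 0 0" is shorthand for 0.0.0.0 0.0.0.0
            addr, mask = ("0.0.0.0" if v == "0" else v for v in (addr, mask))
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            nats.append((ifc, int(nat_id), net))
        elif (m := GLOBAL_RE.match(line)):
            ifc, nat_id, addr = m.groups()
            pools.setdefault((ifc, int(nat_id)), []).append(addr)
    return nats, pools

def lookup(config, src_ifc, src_ip, dst_ifc):
    """Assumed model: the narrowest matching nat rule wins, and only a
    global with the same NAT ID on the egress interface can be used."""
    nats, pools = parse(config)
    ip = ipaddress.ip_address(src_ip)
    matches = [(n, i) for ifc, i, n in nats if ifc == src_ifc and ip in n]
    if not matches:
        return None
    _, nat_id = max(matches, key=lambda m: m[0].prefixlen)
    return pools.get((dst_ifc, nat_id), [None])[0]

def shadowed_gaps(config):
    """List (nat_id, network, egress_ifc) where a narrower nat rule hides a
    broader rule's pool and has no global of its own on that interface."""
    nats, pools = parse(config)
    gaps = []
    for ifc, nid, net in nats:
        for ifc2, nid2, net2 in nats:
            if ifc == ifc2 and nid != nid2 and net != net2 and net.subnet_of(net2):
                gaps += [(nid, str(net), eg) for (eg, pid) in pools
                         if pid == nid2 and (eg, nid) not in pools]
    return gaps
```

Under this model, `lookup(CONFIG, "inside", "10.10.10.5", "dmz1")` finds no pool, matching the 305006 log line in the post, and `shadowed_gaps(CONFIG)` reports the missing NAT ID 5 global on dmz1.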