FWSM : Can same security level command create identity nat?

Unanswered Question
Aug 15th, 2012

Hi All,


As the topic says: can the same-security-level command create identity NAT? I found identity NAT in the output of the show xlate debug command, although there is no configuration related to identity NAT for those subnet IP addresses.


My brief configuration:

- same security level intra-interface is enabled
- xlate-bypass is enabled
- NAT exemption for some subnets

rleivaoc Wed, 08/15/2012 - 15:02
User Badges:
  • Cisco Employee,

To my knowledge the FWSM creates an xlate for all connections.


http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html


"Even if you do not configure NAT, the FWSM continues to create translation sessions for all traffic automatically. In this case, the translation is from the real address to the same real address. See the show xlate command to view translation sessions."

phatrachit Wed, 08/15/2012 - 18:15

Hi rleivaoc,


It's true that the FWSM will create an xlate for all connections, but it wouldn't show up anymore if xlate-bypass is enabled. I mean traffic that passes through the FWSM, because the FWSM does NAT in hardware, not in software like the ASA.
