FWSM NAT misbehavior

Unanswered Question
Jan 26th, 2006
Hi,


I have a FWSM 2.3.1 in routed mode running on a 6509 with the switch on IOS. I am routing between two networks through the FWSM as follows:


10.16.0.0/24-----(int2)FWSM(int1)-----192.168.130/24


I am doing NAT bypass to communicate between int1 and int2. The security level for int1 is higher than int2.


The related config for this is as follows:


ip address int2 10.10.255.2 255.255.255.252

static (int1,int2) 192.168.130.0 192.168.130.0 netmask 255.255.255.0

route int2 10.16.0.0 255.255.255.0 10.10.255.1


The configuration works fine but suddenly the 10.16.0.0/24 subnet becomes unreachable from FWSM and 192.168.130/24 network.

When I check the xlates I find:


Global 10.16.0.1 Local 10.16.0.1

Global 10.16.0.2 Local 10.16.0.2

Global 192.168.130.1 Local 192.168.130.1

The first 2 lines are not expected in normal scenarios, as I should only be getting the third line.

The network becomes reachable as soon as I clear the translations for the 10.16.0.0/24 network.


Any idea why this is happening?


regards

Ashish

smalkeric Wed, 02/01/2006 - 14:23

On the FWSM, you must specifically configure some interfaces to either use or to bypass NAT. For example, when hosts on a higher security interface (inside) access hosts on a lower security interface (outside), you must configure NAT on the inside hosts or specifically configure the inside hosts to bypass NAT.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010d2.html.
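
The check described in the original question (xlate entries that no configured static accounts for), as an added example that is not part of the thread and not Cisco code. It assumes the configuration and xlate lines have the shape quoted in the question; the sample input is constructed from those lines, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, in the shape quoted in the question above.
CONFIG = """\
ip address int2 10.10.255.2 255.255.255.252
static (int1,int2) 192.168.130.0 192.168.130.0 netmask 255.255.255.0
route int2 10.16.0.0 255.255.255.0 10.10.255.1
"""
XLATES = """\
Global 10.16.0.1 Local 10.16.0.1
Global 10.16.0.2 Local 10.16.0.2
Global 192.168.130.1 Local 192.168.130.1
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)")
XLATE_RE = re.compile(r"^Global (\S+) Local (\S+)")


def parse_statics(config):
    """Return a (global_net, local_net) pair for each static statement."""
    pairs = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            _real_if, _mapped_if, glob, local, mask = m.groups()
            # strict=False tolerates host bits set in the configured address
            pairs.append((ipaddress.ip_network(f"{glob}/{mask}", strict=False),
                          ipaddress.ip_network(f"{local}/{mask}", strict=False)))
    return pairs


def unexpected_xlates(config, xlates):
    """List (global, local) xlate entries that fall inside no static."""
    statics = parse_statics(config)
    flagged = []
    for line in xlates.splitlines():
        m = XLATE_RE.match(line.strip())
        if not m:
            continue  # skip headers, counters and blank lines
        glob, local = (ipaddress.ip_address(a) for a in m.groups())
        if not any(glob in g and local in l for g, l in statics):
            flagged.append((str(glob), str(local)))
    return flagged


if __name__ == "__main__":
    for glob, local in unexpected_xlates(CONFIG, XLATES):
        print(f"unexpected xlate: Global {glob} Local {local}")
```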
